The lazy quantifier (?) is not being respected, so rather than returning the first match of "stuff, a forward slash, more stuff, space", it returns the last one.
I know zero C, so I'm afraid I can't be much help in figuring out why. You could try the universal regexp trick: if in doubt, escape it! -HKS On Wed, Oct 29, 2008 at 10:50 AM, Rainer Gerhards <[EMAIL PROTECTED]> wrote: >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:rsyslog- >> [EMAIL PROTECTED] On Behalf Of RB >> Sent: Wednesday, October 29, 2008 3:47 PM >> To: rsyslog-users >> Subject: Re: [rsyslog] regex help wanted >> >> > He claims that rsyslog does not correctly handle POSIX ERE regular >> > expressions, but I now have written a simple program (tester) that >> works >> > in the same way. I don't think I have set any options wrong. > However, >> I >> > am not at all an regex expert. >> >> I've not carefully read the portion of the source where you do your >> matching; can you point me in a general direction? What library are >> you using? > > Sure. There is a very simple sample program inside the forum thread. > This is a direct link: > > http://kb.monitorware.com/regex-match-for-port-t8764-15.html#p14423 > > Well... I'll also include it after my sig. I use the plain old clib > regex library. The problem can fully be reproduced with the minimalistic > sample, so I think it is better to look at it than at the actual rsyslog > source (but most of the regex functionality is in msg.c). > > Thanks, > Rainer > > #include <stdio.h> > #include <sys/types.h> > #include <regex.h> > > #define STR "%ASA-6-302015: Built outbound UDP connection 25503427 > for outside:198.14.210.2/53 (198.14.210.2/53) to inside:12.66.8.80/61594 > (198.39.187.236/54751)" > int main() > { > regex_t preg; > size_t nmatch = 10; > regmatch_t pmatch[10]; > char str[] = STR; > int i; > > i = regcomp(&preg, "outside:.+?/(.+?)\\s", REG_EXTENDED); > printf("regcomp returns %d\n", i); > i = regexec(&preg, str, nmatch, pmatch, 0); > printf("regexec returns %d\n", i); > if(i == REG_NOMATCH) { > printf("found no match!\n"); > return 1; > } > > printf("returned substrings:\n"); > for(i = 0 ; i < 10 ; i++) { > printf("%d: so %d, eo %d", i, pmatch[i].rm_so, > pmatch[i].rm_eo); > if(pmatch[i].rm_so != -1) { > int j; > printf(", text: '"); > for(j = pmatch[i].rm_so ; j < pmatch[i].rm_eo ; ++j) > putchar(str[j]); > putchar('\''); > } > putchar('\n'); > } > return 0; > } > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
