On 8/29/2012 4:05 PM, [email protected] wrote:
> On Wed, 29 Aug 2012, Jacob Steinberger wrote:
>> :rawmsg,ereregex,"local/[^ ]+ err|info|debug|notice"
>> :rawmsg,ereregex,"local/[^ ]+ (err|info|debug|notice)"
>> :rawmsg,ereregex,"local/[^ ]+ err" #(and each individual priority)
>> :rawmsg,ereregex,"err|info|debug|notice"
>> :rawmsg,ereregex,"(err|info|debug|notice)"
>> :rawmsg,ereregex," (err|info|debug|notice) "
>>
>> All of them end up matching all rows, regardless if the words exist or
>> not.
>>
>> Is/was ereregex not fully supported in this old version or am I just
>> flubbing the syntax?
>
> did you test these with the rsyslog regex tester?
> www.rsyslog.com/regex

Did for the template, didn't for the filter ... though it doesn't help
(yet). With the first filter listed above, it matches on "info" and not
the entire regular expression. It's like it's ignoring everything else
(local/[^ ]+).
With the same filter, it's catching an alarm that has *no* matches and
reports no matches when printing out the template.
I'll keep tinkering with the filter, but something doesn't seem right on
this olden version.
Jacob
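
An offline baseline for the six filters quoted above, added here as an example and not written by either poster: it runs the same patterns through `grep -E` (a POSIX ERE engine, used as a stand-in for rsyslog's `ereregex`) against constructed sample lines. The sample messages and their `local/<name> <priority>` layout are assumptions.

```shell
#!/bin/sh
# Constructed sample messages (not from the thread). The layout
# "local/<name> <priority>" is an assumption inferred from the filters.
sample_lines() {
cat <<'EOF'
<131>Aug 29 16:05:01 host1 app: local/fw01 err link down
<134>Aug 29 16:05:02 host1 app: remote/fw02 info link up
<132>Aug 29 16:05:03 host1 app: remote/fw03 warning fan speed
<130>Aug 29 16:05:04 host1 app: remote/fw04 crit interrupt storm
EOF
}

# count_matches PATTERN: print how many sample lines the POSIX ERE matches.
# "|| true" keeps a zero-match result from aborting callers using "set -e".
count_matches() {
    sample_lines | grep -Ec -- "$1" || true
}

# The six patterns from the quoted filters, one per line.
# IFS= and read -r preserve the leading/trailing spaces of the last one.
patterns() {
cat <<'EOF'
local/[^ ]+ err|info|debug|notice
local/[^ ]+ (err|info|debug|notice)
local/[^ ]+ err
err|info|debug|notice
(err|info|debug|notice)
 (err|info|debug|notice) 
EOF
}

# Report matches per pattern. Alternation binds loosest in ERE, so the
# unparenthesised first pattern means "local/... err" OR "info" OR ...
# The unanchored word patterns also hit substrings ("interrupt" has "err").
patterns | while IFS= read -r p; do
    printf '%s of 4 lines match: "%s"\n' "$(count_matches "$p")" "$p"
done
```

If rsyslog selects lines that `grep -E` rejects for the same pattern, the difference lies in how that rsyslog build handles the filter rather than in the expression itself.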