Hello All,
I am trying to create a filter using fromhost-ip using the regex matching
method. I’m having some trouble getting anchors (^ and $) to work. I have
around 1000 devices sending syslog data to the server and out of those 1000
devices, a certain subset of them should go to their own log file (a single log
file for those that match, not individual files). I know which device should
go to which file based on the IP address of the device. If the first two
octets of the fromhost-ip are 192.168, the 3rd octet is anything, and the 4th
octet is 1 OR 33 OR 65, etc then I’d like to handle the log differently.
I tried using the following:
:fromhost-ip, regex, ‘^192\.168\.[0-9]{1,3}\.(1|33|64)$’
-/var/log/router-logs.log
& ~
However this doesn’t seem to work at all. I can get things working without
using anchors however if I do that, I would also match 192.168.x.103 instead of
just 192.168.x.1, etc.
Any ideas what I’m doing wrong?
Thanks in advance,
Brandon
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
