On 2015-09-02 01:15 PM, Brandon Phelps wrote:
Hello All,

I am trying to create a filter using fromhost-ip using the regex matching method. I’m having some trouble getting anchors (^ and $) to work.

I have around 1000 devices sending syslog data to the server and out of those 1000 devices, a certain subset of them should go to their own log file (a single log file for those that match, not individual files). I know which device should go to which file based on the IP address of the device. If the first two octets of the fromhost-ip are 192.168, the 3rd octet is anything, and the 4th octet is 1 OR 33 OR 65, etc., then I’d like to handle the log differently.

I tried using the following:

:fromhost-ip, regex, ‘^192\.168\.[0-9]{1,3}\.(1|33|64)$’ -/var/log/router-logs.log
& ~

However, this doesn’t seem to work at all. I can get things working without using anchors; however, if I do that, I would also match 192.168.x.103 instead of just 192.168.x.1, etc.

Any ideas what I’m doing wrong?

Thanks in advance,
Brandon
Can you post a sanitized log entry on what you're trying to match?

james
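
Added example, not part of the original thread: rsyslog documents its `regex` compare operation as POSIX BRE and `ereregex` as POSIX ERE, so this shell sketch runs the pattern from the post through grep in both dialects to show how each one reads `{1,3}` and `(1|33|64)`. The sample addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Pattern exactly as written in the post (plain ASCII quotes used here).
PATTERN='^192\.168\.[0-9]{1,3}\.(1|33|64)$'

# Constructed sample addresses (not taken from the thread).
SAMPLE_IPS='192.168.10.1
192.168.10.33
192.168.10.64
192.168.10.103
192.168.10.133
10.0.0.1'

# matching_ips MODE
#   MODE=G -> POSIX basic regex (BRE): { } ( ) | are literal characters
#   MODE=E -> POSIX extended regex (ERE): they are operators
matching_ips() {
    printf '%s\n' "$SAMPLE_IPS" | grep "-$1" -e "$PATTERN" || true
}

# count_matches MODE: number of sample addresses the pattern selects.
count_matches() {
    printf '%s\n' "$SAMPLE_IPS" | grep -c "-$1" -e "$PATTERN" || true
}

# In BRE the pattern only matches the literal text "{1,3}.(1|33|64)",
# so no real IP address is selected. In ERE the anchors and the
# alternation behave as intended and .103 / .133 are rejected.
echo "BRE matches: $(count_matches G)"
echo "ERE matches: $(count_matches E)"
matching_ips E
```
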

