Using the regex tool on the site, I’ve different methods of catching these
logs, none of which worked. Explanations below:
Method 1:
:fromhost-ip, regex, ‘^192\.168\.[0-9]{1,3}\.(1|33)$' /var/log/cisco-router.log
& ~
This doesn’t work at all, the logs end up in /var/log/syslog seemingly because
the regex doesn’t match.
Method 2:
if re_match($fromhost-ip, ‘^192\.168\.[0-9]{1,3}\.(1|33)$') then {
*.* /var/log/cisco-router.log
& ~
}
This logs *everything* to /var/log/cisco-router, even messages where the
fromhost-ip certainly doesn’t match the regex.
> On Sep 2, 2015, at 6:46 PM, David Lang <[email protected]> wrote:
>
> On Wed, 2 Sep 2015, Brandon Phelps wrote:
>
>> I think I am missing something. since I’m using a property-based filter,
>> shouldn’t “:fromhost-ip, regex, ‘blah’” ONLY compare the regular expression
>> I defined to the “fromhost-ip” property? And so shouldn’t $ match the end
>> of the IP address instead of the end of “:msg”?
>
> you are correct, there is a regex testing tool on the rsyslog website.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
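Added example, not part of the original post or the thread: rsyslog's documentation defines the `regex` compare-operation of property-based filters as POSIX BRE and `ereregex` as POSIX ERE, and the pattern in the post relies on `{1,3}` and `(1|33)`, which only act as operators in ERE. The script below uses grep's BRE and ERE modes as a stand-in to show that difference; the sample addresses are constructed and the pattern is retyped with plain ASCII quotes.

```shell
#!/bin/sh
# Constructed sample source addresses (not taken from the thread).
SAMPLE_IPS='192.168.1.1
192.168.20.33
192.168.20.34
10.0.0.1
192.168.1.133'

# Pattern from the post, quoted with plain ASCII single quotes.
PATTERN='^192\.168\.[0-9]{1,3}\.(1|33)$'

# Count sample addresses matched when the pattern is read as POSIX BRE
# (grep's default syntax, used here as a stand-in for "regex").
count_bre() {
    printf '%s\n' "$SAMPLE_IPS" | grep -c -- "$PATTERN" || true
}

# Count sample addresses matched when the pattern is read as POSIX ERE
# (grep -E, used here as a stand-in for "ereregex").
count_ere() {
    printf '%s\n' "$SAMPLE_IPS" | grep -E -c -- "$PATTERN" || true
}

# List the addresses that the ERE reading selects.
matched_ere() {
    printf '%s\n' "$SAMPLE_IPS" | grep -E -- "$PATTERN" || true
}

# Under BRE, "{1,3}", "(", ")" and "|" are ordinary characters, so the
# pattern only matches a string that contains them literally.
bre_literal_match() {
    printf '%s\n' '192.168.7{1,3}.(1|33)' | grep -c -- "$PATTERN" || true
}

echo "BRE matches on sample addresses: $(count_bre)"
echo "ERE matches on sample addresses: $(count_ere)"
echo "ERE selected:"
matched_ere
echo "BRE matches on the literal string: $(bre_literal_match)"
```
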