woops don't mind me, I re-read your post and see I missed escaping the \d+
On Thu, Sep 17, 2015 at 4:26 PM, Orangepeel Beef <[email protected]>
wrote:
> Hmm, I think it still isn't working
>
> if re_match($fromhost-ip, '^1\\.1\\.195\\.\d+') then {
>
>
> rsyslogd: version 8.12.0, config validation run (level 1), master config
> /etc/rsyslog.conf
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: invalid character ''' in expression - is there an invalid
> escape sequence somewhere? [v8.12.0 try http://www.rsyslog.com/e/2207 ]
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: invalid character '^' in expression - is there an invalid
> escape sequence somewhere? [v8.12.0 try http://www.rsyslog.com/e/2207 ]
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: invalid character '\' in expression - is there an invalid
> escape sequence somewhere? [v8.12.0 try http://www.rsyslog.com/e/2207 ]
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: invalid character '\' in expression - is there an invalid
> escape sequence somewhere? [v8.12.0 try http://www.rsyslog.com/e/2207 ]
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: invalid character '.' in expression - is there an invalid
> escape sequence somewhere? [v8.12.0 try http://www.rsyslog.com/e/2207 ]
> rsyslogd: error during parsing file /etc/rsyslog.d/30-remote.conf, on or
> before line 13: syntax error on token '131' [v8.12.0 try
> http://www.rsyslog.com/e/2207 ]
> rsyslogd: CONFIG ERROR: could not interpret master config file
> '/etc/rsyslog.conf'. [v8.12.0 try http://www.rsyslog.com/e/2207 ]
>
>
> while
>
> if re_match($fromhost-ip, '^1.1.195.*') then {
>
> seems to work, it just isn't as specific as I'd like. And if . is
> matching like a regex . it could get all kinds of false matches.
>
>
> On Thu, Sep 17, 2015 at 12:31 AM, Rainer Gerhards <
> [email protected]> wrote:
>
>> 2015-09-17 9:24 GMT+02:00 Orangepeel Beef <[email protected]>:
>> > Aha! Thanks. I actually tried to use the escaping tool on the rsyslog
>> > website but just ended up with an empty page.
>>
>> Oh, good to know, so we should look into that. It's very valuable for
>> such cases...
>>
>> Rainer
>> > On Sep 16, 2015 11:29 PM, "Rainer Gerhards" <[email protected]>
>> > wrote:
>> >
>> >> You need to escape the backslashes inside the string, as such:
>> >>
>> >> '1\\.2\\.\\d+\\.\\d+'
>> >>
>> >> HTH
>> >> Rainer
>> >>
>> >> 2015-09-17 4:20 GMT+02:00 Orangepeel Beef <[email protected]>:
>> >> > A while back I asked a question and got a working response on how to
>> do
>> >> > else if in the rsyslog.conf
>> >> >
>> >> > http://www.gossamer-threads.com/lists/rsyslog/users/9909
>> >> >
>> >> >
>> >> > I'm trying to do something very similar again, but it's not working
>> as
>> >> I'd
>> >> > expect it to.
>> >> >
>> >> >
>> >> > if re_match($fromhost-ip, '1\.2\.\d+\.\d+') then {
>> >> > blah blah
>> >> > } else if re_match($fromhost-ip, '2\.3\.\d+\.\d+') then {
>> >> > blah blah
>> >> > }
>> >> >
>> >> > However it isn't working, and when i ask it to check the config file
>> with
>> >> > -N1 its saying there are invalid characters in the regex.
>> >> >
>> >> > I've tried multiple different regexes but it doesn't seem to be
>> working.
>> >> >
>> >> > (essentially i'm trying to direct logs to different subfolders and
>> >> scripts
>> >> > based on their source ip)
>> >> >
>> >> > In the past i've done this with hostnames, but we have no reverse dns
>> >> here
>> >> > to use.
>> >> >
>> >> > Thoughts?
>> >> >
>> >> >
>> >> > invalid character ''' in expression
>> >> > syntax error on token '/'
>> >> > could not interpret master file
>> >> >
>> >> > etc..
>> >> > _______________________________________________
>> >> > rsyslog mailing list
>> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> > http://www.rsyslog.com/professional-services/
>> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad
>> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> >> DON'T LIKE THAT.
>> >> _______________________________________________
>> >> rsyslog mailing list
>> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> http://www.rsyslog.com/professional-services/
>> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad
>> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> >> DON'T LIKE THAT.
>> >>
>> > _______________________________________________
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>> you DON'T LIKE THAT.
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
