I'm running rsyslog 8.2012.0 for the following. The following regex and message works fine for all regex flavors on regex101.com, but when using as an ERE template, the rsyslog regex test page at https://www.rsyslog.com/regex/ won't accept what I've entered as a valid regex and rsyslog fails as well.
The regex I'm using is: AgentLogFile=([^\s]+)[\s] And the tab-delimited, tag/value message is: <13>Feb 13 21:43:17 wintest AgentDevice=WindowsLog AgentLogFile=System PluginVersion=1.0 Source=Source Computer=wintest OriginatingComputer=192.168.1.1 User= Domain= EventID=1234 EventIDCode=1234 EventType=2 EventCategory=1 RecordNumber=12345 TimeGenerated=1613270597998 TimeWritten=1613270597998 Level=WARNING Keywords=Warning Task=0 Opcode=Info Message= No matter what variation I've tried, the regex checker web page an rsyslog return a result of: **NO MATCH** Any help would be deeply appreciated rob _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
