mplates.
>>>
>>>
>>> Sent from phone, thus brief.
>>>
>>>
>>>
>>> Ursprüngliche Nachricht
>>> Von: David Lang
>>> Datum: 26.03.2013 20:04 (GMT+01:00)
>>> An: rsyslog-users
>>> Betreff
On Wed, 27 Mar 2013, Rainer Gerhards wrote:
On Wed, 2013-03-27 at 07:38 +, Rainer Gerhards wrote:
On Tue, 2013-03-26 at 12:26 -0700, Gary Foster wrote:
FWIW it does work properly *inside* a template.
That was the misunderstanding. These are *template* constructs, so they
are not supposed
lates.
> > >
> > >
> > > Sent from phone, thus brief.
> > >
> > >
> > >
> > > Ursprüngliche Nachricht
> > > Von: David Lang
> > > Datum: 26.03.2013 20:04 (GMT+01:00)
> > > An: rsyslog-u
> >
> > Sent from phone, thus brief.
> >
> >
> >
> > Ursprüngliche Nachricht --------
> > Von: David Lang
> > Datum: 26.03.2013 20:04 (GMT+01:00)
> > An: rsyslog-users
> > Betreff: Re: [rsyslog] property replacer and
om phone, thus brief.
>
>
>
> Ursprüngliche Nachricht
> Von: David Lang
> Datum: 26.03.2013 20:04 (GMT+01:00)
> An: rsyslog-users
> Betreff: Re: [rsyslog] property replacer and regexps
>
>
> Gary, I thought to set the contents of $!foo you had to use somethi
gt;
>
> Sent from phone, thus brief.
>
>
>
> Ursprüngliche Nachricht
> Von: David Lang
> Datum: 26.03.2013 20:04 (GMT+01:00)
> An: rsyslog-users
> Betreff: Re: [rsyslog] property replacer and regexps
>
>
> Gary, I thought to set the co
Ah , misunderstsnding: %...% is property replacer. You cannot use that outside
of templates.
Sent from phone, thus brief.
Ursprüngliche Nachricht
Von: David Lang
Datum: 26.03.2013 20:04 (GMT+01:00)
An: rsyslog-users
Betreff: Re: [rsyslog] property replacer and regexps
ar 2013, Gary Foster wrote:
Date: Tue, 26 Mar 2013 11:58:58 -0700
From: Gary Foster
Reply-To: rsyslog-users
To: rsyslog-users
Subject: Re: [rsyslog] property replacer and regexps
Ok, it's not just a % escape issue after all (sorry for the continued followup
spammage), because even this l
Ok, it's not just a % escape issue after all (sorry for the continued followup
spammage), because even this line causes a config error:
%$!foo:R,ERE,0,DFLT:rg_counter--end%
which should, if I understand correctly, put the entire contents of $msg in
$!foo but instead fails to load with a config
Additional followup because I just realized something.
I suspect the problem lies in needing to escape the "%" characters inside the
regexp. However, I am unable to figure out how to properly escape those
characters, although I'm now diving through the online docs in order to figure
it out.
-
I distilled my test conf file down to the bare minimum in order to duplicate
this error. Here it is.
The file as written causes rsyslog to fail on startup with the aforementioned
config file error. If I comment out the property replacer line and the output
to /var/log/test.log, it loads fine
On Mon, 2013-03-25 at 17:23 -0700, Gary Foster wrote:
> For the record, this doesn't work. Rsyslog won't even start up. Gives me
> this:
>
> 7349.533941464:7f66c2bd6740: Called LogError, msg: CONFIG ERROR: could not
> interpret master config file '/etc/rsyslog.conf'.
>
can you post the comple
For the record, this doesn't work. Rsyslog won't even start up. Gives me this:
7349.533941464:7f66c2bd6740: Called LogError, msg: CONFIG ERROR: could not
interpret master config file '/etc/rsyslog.conf'.
On Mar 21, 2013, at 8:05 AM, Gary Foster wrote:
>> %$!somevar:R,ERE,1,DFLT:=(.+):.+&--e
On Mar 21, 2013, at 3:12 AM, Rainer Gerhards wrote:
>>
>> You'd think it would be simply something like:
>>
>> %somevar:R,ERE,1,DFLT:=(.+):.+&--end%
>
> %$!somevar:R,ERE,1,DFLT:=(.+):.+&--end%
Hmm, I would be willing to bet beer that I tried that, but I'll try it again
just to be sure and l
> I think there currently is no function to actually extract a regex match (but
> I
> may be wrong, cannot look up the code right at the moment).
Just checked, there currently indeed is no such function. However, you can do a
regex match on the user variable field inside the property replacer, i
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Gary Foster
> Sent: Wednesday, March 20, 2013 10:30 PM
> To: rsyslog-users
> Subject: [rsyslog] property replacer and regexps
>
> Le
> >
> >
> > On Wed, Mar 20, 2013 at 10:36 PM, David Lang wrote:
> >
> >> Version 7 has added the ability to set variables that you can use later,
> >> earlier versions do not have that capability.
> >>
> >> now, exactly _how_ to se
ang
>>
>> On Wed, 20 Mar 2013, Gary Foster wrote:
>>
>> Date: Wed, 20 Mar 2013 14:30:17 -0700
>>> From: Gary Foster
>>> Reply-To: rsyslog-users
>>> To: rsyslog-users
>>> Subject: [rsyslog] property replacer and regexps
>>>
>
From: Gary Foster
>> Reply-To: rsyslog-users
>> To: rsyslog-users
>> Subject: [rsyslog] property replacer and regexps
>>
>>
>> Let's say I want to set an arbitrary variable in my rsyslog.conf based
>> upon a regexp match against the incoming message.
-0700
From: Gary Foster
Reply-To: rsyslog-users
To: rsyslog-users
Subject: [rsyslog] property replacer and regexps
Let's say I want to set an arbitrary variable in my rsyslog.conf based upon a
regexp match against the incoming message. For example (warning, completely
contrived exa
Let's say I want to set an arbitrary variable in my rsyslog.conf based upon a
regexp match against the incoming message. For example (warning, completely
contrived examples incoming):
incoming message is "foo:bar=10:baz&blah:blah:blah"
I want to do something like:
set %!somevar =
(why? Wel
21 matches
Mail list logo
