Mailing List Archive

Yes, that should work as expected.

-HKS

On Mon, Nov 3, 2008 at 8:14 AM, Mikel Jimenez <mikel@irontec.com> wrote:
> hello
>
> Is this correct?
>
> if $msg contains 'GUI_set' and not $msg contains 'VALIDATOR' then
> @@192.1.100.1
>
>
> I want that if message contains GUI_set and no VALIDATOR logs remotelly
> in 192.1.100.1 via TCP
>
>
> Thanks
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Hello
I usually use startswitch 'xxxxx' but is anything similar to "endswith" ?
Or regex that makes "endwith" function?

Would be appreciated an example please

Thanks!!

--
Mikel Jimenez Fernandez
Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com
+34 94.404.81.82


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Mikel Jimenez wrote:
> Hello
> I usually use startswitch 'xxxxx' but is anything similar to "endswith" ?
> Or regex that makes "endwith" function?
>
> Would be appreciated an example please

thou i do not know about the actual implementation in rsyslog,
you can match an end-of-line with: "$".

e.g.
> raoul $ echo "my test"|grep test$
> my test
> raoul $ echo "my test2"|grep test$
> raoul $

maybe [1] might be of use.

cheers,
raoul
[1] http://www.addedbytes.com/cheat-sheets/regular-expressions-cheat-sheet/
--
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc. email. r.bhatia@ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. office@ipax.at
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
____________________________________________________________________
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

You can use 'xxxxx$' as a regular expression. For the property replacer,
I have recently written a tool where you can try this out:

http://www.rsyslog.com/tool-regex

Note, though, that the syntax for conditions is different. But you get
the idea...

Rainer

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of Mikel Jimenez
> Sent: Thursday, November 13, 2008 12:38 PM
> To: rsyslog@lists.adiscon.com
> Subject: [rsyslog] filter expression dude
>
> Hello
> I usually use startswitch 'xxxxx' but is anything similar to
"endswith"
> ?
> Or regex that makes "endwith" function?
>
> Would be appreciated an example please
>
> Thanks!!
>
> --
> Mikel Jimenez Fernandez
> Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com
> +34 94.404.81.82
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Rainer Gerhards escribió:
> You can use 'xxxxx$' as a regular expression. For the property replacer,
> I have recently written a tool where you can try this out:
>
> http://www.rsyslog.com/tool-regex
>
> Note, though, that the syntax for conditions is different. But you get
> the idea...
>
> Rainer
>
>
>> -----Original Message-----
>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>> bounces@lists.adiscon.com] On Behalf Of Mikel Jimenez
>> Sent: Thursday, November 13, 2008 12:38 PM
>> To: rsyslog@lists.adiscon.com
>> Subject: [rsyslog] filter expression dude
>>
>> Hello
>> I usually use startswitch 'xxxxx' but is anything similar to
>>
> "endswith"
>
>> ?
>> Or regex that makes "endwith" function?
>>
>> Would be appreciated an example please
>>
>> Thanks!!
>>
>> --
>> Mikel Jimenez Fernandez
>> Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com
>> +34 94.404.81.82
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>
ok!
And in full example?
I have this
if $FROMHOST startswith 'deusto' then
:ommysql:localhost,deustolog,Ursyslog,superf4rs1t4009
& ~

And I want al "fromhost" that ends with 'sto'. I dont understand how to
do this with regex tool...
For example:
esto
ppesto
rtisto

Can you write me these practical example?

--
Mikel Jimenez Fernandez
Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com
+34 94.404.81.82


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

> ok!
> And in full example?
> I have this
> if $FROMHOST startswith 'deusto' then
> :ommysql:localhost,deustolog,Ursyslog,superf4rs1t4009
> & ~
>
> And I want al "fromhost" that ends with 'sto'. I dont understand how to
> do this with regex tool...
> For example:
> esto
> ppesto
> rtisto
>
> Can you write me these practical example?
>


:fromhost, regex, "sto$"
:ommysql:localhost,deustolog,Ursyslog,superf4rs1t4009
& ~

-HKS
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com