Hi
everybody!
I'm a little
confused about the syslog message rules definition.
If i define for
example a syslog rule with
%CRYPTO-4-(\S+):
and set a "D" in the
info field, which should give me the rest after the matching string of the
message, i get a "D" in the event viewer for this event. In generally nearly
nothing of my old rules work in new version (0.7.7).
Javier, has you
changed the rules in new versions, because in 0.7.5 everything works
fine??
What rules are
possible for syslogs?
Greetings
