Hi,
I've recently changed the template format of the logs that are
streaming through Sec to allow me to work on the basis of facilities and
priorities as well as log matches.
This has made me realize the need for a scalable and manageable way of
updating the log format for all those logs that are log format dependent
by design (ie because they need to correlate details of host etc).
Although I am very familiar with the global search and replace... I
don't believe this is the right way to do it and so I want to assign a
regex to a variable and then have my regex patterns for the rules
reference that variable and then continue with literal characters for
the rest of the regex.
This is a very simple and unrealistic example that should demonstrate
the type of thing I want to do
ptype=RegExp
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
continue=TakeNext
desc=Assign the regex string to %m
action=assign %m ^\w+\s+\d+........
type=Single
ptype=RegExp
pattern=%{m}.*something interesting
desc=match something that has the log_prefix and the string "something
interesting" following it
action=write - caught log
However, my testing seems to indicate that this does not work. The
pattern I think is taken as a literal and the variable is just not
interpolated.
Does anyone have any ideas on this?
-h
--
Hari Sekhon
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
