Mailing List Archive

Rsyslog regex match.global to filter multiple IPs from one event
Ahoi,
I am currently trying to get src and dst IP written to a file, but I
can't find a way to set my regex to global, so it wont stop after the
first match.
I was trying to solve this by capturing groups, but it didn't work as
intended, so I am back at the drawing board.


I was trying to find something in the docs about match.global, without
success.
What did I miss?


$template
parse_connection,"%msg:R,ERE,0,FIELD:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}--end%\n"
-/var/log/src_and_dst.log;parse_connection


I am testing with https://www.rsyslog.com/regex/



Best regards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.