I have some problems using the regular expression function of rsyslog.
First, how do you assign multiple values matched by a regular expression to
multiple variables?
Second, how to use this syntax in templates? The document does not clearly
state, do you have any examples that can provide references?
eg:
The msg is 【root pts/0 2020-03-30 09:02 (192.168.1.3):root 2020-03-30 09:17:45
0 vim /etc/rsyslog.conf】
and,Regular Expression:
/^(\w+)\s(\S+)\s(\d{4}-\d{2}-\d{2}\s\d{2}:\d{2})\s\((\d+\.\d+\.\d+\.\d+)\):(\w+)\s(\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})\s(\d+)\s(.+)$/
The content described above is tested correctly, how can I use it in the
template.
E.g:
template(name="testTemplate"
type="list"
option.json="on") {
……
constant(value="\",\"login_time\":\"") property(name="msg"
regex.type="ERE" regex.nomatchmode="BLANK" regex.submatch="3"
regex.expression="")
}
any help?
Thanks!
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
