What is the correct syntax for rsyslog's re_match()?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm trying to filter unwanted messages from a cron job (systemd) from rsyslog output. However rsyslog always complains about the second argument of re_match()
. The filter rule I have is:
if $programname == "systemd" and re_match($msg, '^Started [Ss]ession d+ of user ntpmon.$') then stop
I started putting the regex in double-quotes, and rsyslog complained. Then I put the regex in single quotes, and rsyslog still complains.
The documentation is a bit vague:
re_match(expr, re)
returns 1, if expr matches re, 0 otherwise. Uses POSIX ERE.
How do I fix it (the filter, not the docs)?
regular-expression rsyslog filter
New contributor
add a comment |
up vote
0
down vote
favorite
I'm trying to filter unwanted messages from a cron job (systemd) from rsyslog output. However rsyslog always complains about the second argument of re_match()
. The filter rule I have is:
if $programname == "systemd" and re_match($msg, '^Started [Ss]ession d+ of user ntpmon.$') then stop
I started putting the regex in double-quotes, and rsyslog complained. Then I put the regex in single quotes, and rsyslog still complains.
The documentation is a bit vague:
re_match(expr, re)
returns 1, if expr matches re, 0 otherwise. Uses POSIX ERE.
How do I fix it (the filter, not the docs)?
regular-expression rsyslog filter
New contributor
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to filter unwanted messages from a cron job (systemd) from rsyslog output. However rsyslog always complains about the second argument of re_match()
. The filter rule I have is:
if $programname == "systemd" and re_match($msg, '^Started [Ss]ession d+ of user ntpmon.$') then stop
I started putting the regex in double-quotes, and rsyslog complained. Then I put the regex in single quotes, and rsyslog still complains.
The documentation is a bit vague:
re_match(expr, re)
returns 1, if expr matches re, 0 otherwise. Uses POSIX ERE.
How do I fix it (the filter, not the docs)?
regular-expression rsyslog filter
New contributor
I'm trying to filter unwanted messages from a cron job (systemd) from rsyslog output. However rsyslog always complains about the second argument of re_match()
. The filter rule I have is:
if $programname == "systemd" and re_match($msg, '^Started [Ss]ession d+ of user ntpmon.$') then stop
I started putting the regex in double-quotes, and rsyslog complained. Then I put the regex in single quotes, and rsyslog still complains.
The documentation is a bit vague:
re_match(expr, re)
returns 1, if expr matches re, 0 otherwise. Uses POSIX ERE.
How do I fix it (the filter, not the docs)?
regular-expression rsyslog filter
regular-expression rsyslog filter
New contributor
New contributor
New contributor
asked 15 hours ago
U. Windl
1291
1291
New contributor
New contributor
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You need to double the backslash, otherwise rsyslog tries to interpret d
as an escape sequence within a string, and this is not parseable. So it should be \d
.
But d
is not a Posix ERE. You presumably meant [0-9]
, for example, for a digit. So try
'^Started [Ss]ession [0-9]+ of user ntpmon\.$'
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You need to double the backslash, otherwise rsyslog tries to interpret d
as an escape sequence within a string, and this is not parseable. So it should be \d
.
But d
is not a Posix ERE. You presumably meant [0-9]
, for example, for a digit. So try
'^Started [Ss]ession [0-9]+ of user ntpmon\.$'
add a comment |
up vote
0
down vote
You need to double the backslash, otherwise rsyslog tries to interpret d
as an escape sequence within a string, and this is not parseable. So it should be \d
.
But d
is not a Posix ERE. You presumably meant [0-9]
, for example, for a digit. So try
'^Started [Ss]ession [0-9]+ of user ntpmon\.$'
add a comment |
up vote
0
down vote
up vote
0
down vote
You need to double the backslash, otherwise rsyslog tries to interpret d
as an escape sequence within a string, and this is not parseable. So it should be \d
.
But d
is not a Posix ERE. You presumably meant [0-9]
, for example, for a digit. So try
'^Started [Ss]ession [0-9]+ of user ntpmon\.$'
You need to double the backslash, otherwise rsyslog tries to interpret d
as an escape sequence within a string, and this is not parseable. So it should be \d
.
But d
is not a Posix ERE. You presumably meant [0-9]
, for example, for a digit. So try
'^Started [Ss]ession [0-9]+ of user ntpmon\.$'
answered 11 hours ago
meuh
31k11754
31k11754
add a comment |
add a comment |
U. Windl is a new contributor. Be nice, and check out our Code of Conduct.
U. Windl is a new contributor. Be nice, and check out our Code of Conduct.
U. Windl is a new contributor. Be nice, and check out our Code of Conduct.
U. Windl is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f481282%2fwhat-is-the-correct-syntax-for-rsyslogs-re-match%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password