author: Rainer Gerhards <rgerhards@adiscon.com> 2008-11-11 11:38:37 +0100
committer: Rainer Gerhards <rgerhards@adiscon.com> 2008-11-11 11:38:37 +0100
commit: 249b27952a9faea95662eb230f4c86a0db874fe5
tree: 434584b110f09a3f08192e28c01f8bcfa0826cf1
parent: 170d0d6f375241e0d0ca85a1327df82165fec439
improved doc on property replacer regular expressions
-rw-r--r-- doc/Makefile.am 1
-rw-r--r-- doc/property_replacer.html 10
-rw-r--r-- doc/rsyslog_conf_nomatch.html 37
3 files changed, 41 insertions, 7 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am
index fef1e44c..5c2f5313 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -105,6 +105,7 @@ html_files = \
rsyslog_conf_modules.html \
rsyslog_conf_output.html \
rsyslog_conf_templates.html \
+ rsyslog_conf_nomatch.html \
src/classes.dia
EXTRA_DIST = $(html_files)
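Review bot: The new rsyslog_conf_nomatch.html entry is appended after rsyslog_conf_templates.html, which breaks the alphabetical order of the visible rsyslog_conf_* entries (modules, output, templates). Consider placing it between rsyslog_conf_modules.html and rsyslog_conf_output.html so the list stays easy to scan and later additions do not get duplicated.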
diff --git a/doc/property_replacer.html b/doc/property_replacer.html
index 34e2116c..9ea41aed 100644
--- a/doc/property_replacer.html
+++ b/doc/property_replacer.html
@@ -229,7 +229,7 @@ sequence with a regular expression is: "%msg:R:.*Sev:. \(.*\)
\[.*--end%"</p>
<p>It is possible to specify some parametes after the "R". These are
comma-separated. They are:
-<p>R,&lt;regexp-type&gt;,&lt;submatch&gt;,&lt;nomatch&gt;,&lt;match-number&gt;
+<p>R,&lt;regexp-type&gt;,&lt;submatch&gt;,&lt;<a href="rsyslog_conf_nomatch.html">nomatch</a>&gt;,&lt;match-number&gt;
<p>regexp-type is either "BRE" for Posix basic regular expressions or
"ERE" for extended ones. The string must be given in upper case. The
default is "BRE" to be consistent with earlier versions of rsyslog that
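Review bot: The context line just above the changed syntax line still reads "specify some parametes after the "R""; since this paragraph is being touched anyway, correct it to "parameters" in the same commit. The added link target rsyslog_conf_nomatch.html is created in this patch and listed in Makefile.am, so the reference itself resolves.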
@@ -241,12 +241,8 @@ that the first match is number 0, the second 1 and so on. Up to 10 matches
(up to number 9) are supported. Please note that it would be more
natural to have the match-number in front of submatch, but this would break
backward-compatibility. So the match-number must be specified after "nomatch".
-<p>nomatch is either "DFLT", "BLANK" or "FIELD" (all upper case!). It tells
-what to use if no match is found. With "DFLT", the strig "**NO MATCH**" is
-used. This was the only supported value up to rsyslog 3.19.5. With "BLANK"
-a blank text is used (""). Finally, "FIELD" uses the full property text
-instead of the expression. Some folks have requested that, so it seems
-to be useful.
+<p><a href="rsyslog_conf_nomatch.html">nomatch</a> specifies what should
+be used in case no match is found.
<p>The following is a sample of an ERE expression that takes the first
submatch from the message string and replaces the expression with
the full field if no match is found:
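Review bot: The replacement sentence drops two facts that the removed paragraph stated and that the new rsyslog_conf_nomatch.html page does not repeat: that the values must be given in upper case ("all upper case!") and that "DFLT" was the only supported value up to rsyslog 3.19.5. The sample that follows in the context lines relies on the reader knowing the literal value for "the full field if no match is found", so keep at least one inline sentence naming the three accepted values ("DFLT", "BLANK", "FIELD") and the upper-case requirement here, or carry both facts over to the linked page.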
diff --git a/doc/rsyslog_conf_nomatch.html b/doc/rsyslog_conf_nomatch.html
new file mode 100644
index 00000000..5c4f3f90
--- /dev/null
+++ b/doc/rsyslog_conf_nomatch.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><title>nomatch mode - property replacer - rsyslog.conf</title></head>
+<body>
+<h1>nomatch mode - property replacer - rsyslog.con</h1>
+<p>This is a part of the <a href="rsyslog_conf.html">rsyslog.conf documentation</a>
+of the <a href="property_replacer.html">property replacer</a>.</p>
+<p><b>The "nomatch-Mode" specifies which string the property replacer
+shall return if a regular expression did not find the search string.</b>. Traditionally,
+the string "**NO MATCH**" was returned, but many people complained this was almost never useful.
+Still, this mode is support as "<b>DFLT</b>" for legacy configurations.
+<p>Two additional and potentially useful modes exist: in one (<b>BLANK</b>) a blank string
+is returned. This is probably useful for inserting values into databases where no
+value shall be inserted if the expression could not be found. A use case may be
+that you record a traffic log based on firewall rules and the "bytes transmitted" counter
+is extracted via a regular expression. If no "bytes transmitted" counter is available
+in the current message, it is probably a good idea to return an empty string, which the
+database layer can turn into a zero.
+<p>The other mode is "<b>FIELD</b>", in which the complete field is returned. This may be useful
+in cases where absense of a match is considered a failure and the message that triggered
+it shall be logged.
+<p>If in doubt, <b>it is highly suggested to use the
+<a href="http://www.rsyslog.com/tool-regex">rsyslog online regular expression
+checker and generator</a> to see these options in action</b>. With that online tool,
+you can craft regular expressions based on samples and try out the different modes.
+
+<p>[<a href="manual.html">manual index</a>]
+[<a href="rsyslog_conf.html">rsyslog.conf</a>]
+[<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
+Copyright &copy; 2008 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL
+version 2 or higher.</font></p>
+</body>
+</html>
+
+
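Review bot: The h1 line reads "rsyslog.con" while the title line above it has "rsyslog.conf", and the first paragraph has a doubled period ("search string.</b>."), "this mode is support" (supported) and, in the FIELD paragraph, "absense" (absence). On content, the BLANK paragraph recommends returning an empty string that "the database layer can turn into a zero"; it would help to say that this makes a failed match indistinguishable from a genuine zero counter in the stored data, and to point to FIELD for cases where a non-matching message must stay visible. The page also never states that the mode names must be upper case, which the text removed from property_replacer.html did. Finally, the two trailing empty lines after the closing html tag can be dropped.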