diff options
Diffstat (limited to 'doc/property_replacer.html')
| -rw-r--r-- | doc/property_replacer.html | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/doc/property_replacer.html b/doc/property_replacer.html index f666fb76..c2a0c0d2 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -240,10 +240,11 @@ that the first match is number 0, the second 1 and so on. Up to 10 matches (up to number 9) are supported. Please note that it would be more natural to have the match-number in front of submatch, but this would break backward-compatibility. So the match-number must be specified after "nomatch". -<p>nomatch is either "DFLT", "BLANK" or "FIELD" (all upper case!). It tells +<p>nomatch is either "DFLT", "BLANK", ZERO or "FIELD" (all upper case!). It tells what to use if no match is found. With "DFLT", the strig "**NO MATCH**" is used. This was the only supported value up to rsyslog 3.19.5. With "BLANK" -a blank text is used (""). Finally, "FIELD" uses the full property text +a blank text is used (""). With "ZERO", "0" is used. +Finally, "FIELD" uses the full property text instead of the expression. Some folks have requested that, so it seems to be useful. <p>The following is a sample of an ERE expression that takes the first @@ -252,6 +253,13 @@ the full field if no match is found: <p>%msg:R,ERE,1,FIELD:for (vlan[0-9]*):--end% <p>and this takes the first submatch of the second match of said expression: <p>%msg:R,ERE,1,FIELD,1:for (vlan[0-9]*):--end% +<p><b>Please note: there is also a +<a href="http://www.rsyslog.com/tool-regex">rsyslog regular expression checker/generator</a> +online tool available.</b> With that tool, you can check your regular expressions and +also generate a valid property replacer sequence. Usage of this tool is recommended. +Depending on the version offered, the tool may not cover all subleties that can +be done with the property replacer. It concentrates on the most often used cases. So it +is still useful to hand-craft expressions for demanding environments. <p><b>Also, extraction can be done based on so-called "fields"</b>. To do so, place a "F" into FromChar. A field in its current definition is anything that is delimited by a delimiter @@ -390,6 +398,10 @@ Useful for secure pathname generation (with dynafiles). </tr> </tbody> </table> +<p>To use multiple options, simply place them one after each other with a comma delmimiting +them. For example "escape-cc,sp-if-no-1st-sp". If you use conflicting options together, +the last one will override the previous one. For example, using "escape-cc,drop-cc" will +use drop-cc and "drop-cc,escape-cc" will use escape-cc mode. <h2>Further Links</h2> <ul> <li>Article on "<a href="rsyslog_recording_pri.html">Recording |