From 249b27952a9faea95662eb230f4c86a0db874fe5 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 11 Nov 2008 11:38:37 +0100 Subject: improved doc on property replacer regular expressions --- doc/property_replacer.html | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'doc/property_replacer.html') diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 34e2116c..9ea41aed 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -229,7 +229,7 @@ sequence with a regular expression is: "%msg:R:.*Sev:. \(.*\) \[.*--end%"

It is possible to specify some parametes after the "R". These are comma-separated. They are: -

R,<regexp-type>,<submatch>,<nomatch>,<match-number> +

R,<regexp-type>,<submatch>,<nomatch>,<match-number>

regexp-type is either "BRE" for Posix basic regular expressions or "ERE" for extended ones. The string must be given in upper case. The default is "BRE" to be consistent with earlier versions of rsyslog that @@ -241,12 +241,8 @@ that the first match is number 0, the second 1 and so on. Up to 10 matches (up to number 9) are supported. Please note that it would be more natural to have the match-number in front of submatch, but this would break backward-compatibility. So the match-number must be specified after "nomatch". -

nomatch is either "DFLT", "BLANK" or "FIELD" (all upper case!). It tells -what to use if no match is found. With "DFLT", the strig "**NO MATCH**" is -used. This was the only supported value up to rsyslog 3.19.5. With "BLANK" -a blank text is used (""). Finally, "FIELD" uses the full property text -instead of the expression. Some folks have requested that, so it seems -to be useful. +

nomatch specifies what should +be used in case no match is found.

The following is a sample of an ERE expression that takes the first submatch from the message string and replaces the expression with the full field if no match is found: -- cgit