From b4729996790c0f7a0b2758d9ee809b7cc10dec8f Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 10 Nov 2008 09:57:49 +0100 Subject: doc update: documented how to specify multiple property replacer options and link to new online regex generator tool added --- doc/property_replacer.html | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'doc/property_replacer.html') diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 367c8add..0b4f1a01 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -231,6 +231,13 @@ the full field if no match is found:

%msg:R,ERE,1,FIELD:for (vlan[0-9]*):--end%

and this takes the first submatch of the second match of said expression:

%msg:R,ERE,1,FIELD,1:for (vlan[0-9]*):--end% +

Please note: there is also a +rsyslog regular expression checker/generator +online tool available. With that tool, you can check your regular expressions and +also generate a valid property replacer sequence. Usage of this tool is recommended. +Depending on the version offered, the tool may not cover all subleties that can +be done with the property replacer. It concentrates on the most often used cases. So it +is still useful to hand-craft expressions for demanding environments.

Also, extraction can be done based on so-called "fields". To do so, place a "F" into FromChar. A field in its current definition is anything that is delimited by a delimiter @@ -347,6 +354,10 @@ Useful for secure pathname generation (with dynafiles). +

To use multiple options, simply place them one after each other with a comma delmimiting +them. For example "escape-cc,sp-if-no-1st-sp". If you use conflicting options together, +the last one will override the previous one. For example, using "escape-cc,drop-cc" will +use drop-cc and "drop-cc,escape-cc" will use escape-cc mode.

Further Links
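
Review bot: In the first hunk's added "Please note" paragraph (after the %msg:R,ERE,1,FIELD,1:...% example), "subleties" should be "subtleties", and the hedge "Depending on the version offered, the tool may not cover all subleties" does not tell the reader what the tool leaves out. Suggest stating which cases it is known to handle, for example whether it generates the match and submatch numbers used in the two examples just above, and telling readers to test a generated sequence against sample messages before deploying it, since the paragraph itself says the tool concentrates on the most often used cases.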
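
Review bot: In the second hunk's added paragraph on multiple options, the override rule is illustrated only with "escape-cc,drop-cc", so a reader cannot tell which other options conflict, and the paragraph sits directly after the option described as "Useful for secure pathname generation (with dynafiles)", where a silently overridden option matters most. Suggest listing which options are mutually exclusive, stating that non-conflicting options all take effect together, and showing one complete %property% sequence with two options instead of only the quoted option strings. Also, "delmimiting" should be "delimiting", and "one after each other" reads better as "one after another".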