From b4729996790c0f7a0b2758d9ee809b7cc10dec8f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
%msg:R,ERE,1,FIELD:for (vlan[0-9]*):--end%
and this takes the first submatch of the second match of said expression:
%msg:R,ERE,1,FIELD,1:for (vlan[0-9]*):--end% +
Please note: there is also a +rsyslog regular expression checker/generator +online tool available. With that tool, you can check your regular expressions and +also generate a valid property replacer sequence. Usage of this tool is recommended. +Depending on the version offered, the tool may not cover all subleties that can +be done with the property replacer. It concentrates on the most often used cases. So it +is still useful to hand-craft expressions for demanding environments.
Also, extraction can be done based on so-called "fields". To do so, place a "F" into FromChar. A field in its current definition is anything that is delimited by a delimiter @@ -347,6 +354,10 @@ Useful for secure pathname generation (with dynafiles). +
To use multiple options, simply place them one after each other with a comma delmimiting +them. For example "escape-cc,sp-if-no-1st-sp". If you use conflicting options together, +the last one will override the previous one. For example, using "escape-cc,drop-cc" will +use drop-cc and "drop-cc,escape-cc" will use escape-cc mode.