I want to redirect the following messages into the log file:

"[example]:[foo][bar]: "
"[example]:[foo][hello]: "
"[example]:[foo][world]: "
"[example]:[foo][other]: "
"[example]:[foo][text]: "

The content in the 3rd field is dynamic text which contains lowercase [a-z] only:

"[example]:[foo][.*]: "

It works if I create the rsyslog conf file with the "contains" keyword:

:msg, contains, "[example]:[foo]" -/var/log/example.log

But the following regex does not work at all; no message is logged:

:msg, regex, "\[example\]\:\[foo\]\[.*\]\:\ " -/var/log/example.log

What's wrong in my regex?

How do I write the correct regex to match the above messages, including all required fields?

1 Answer

The problem is that there are two stages in the processing of the filter command, and each one interprets backslash escapes. The result is that if you want to match a literal [ then your regex pattern is \[, but you need to escape the backslash since you are providing the pattern as a string, so you have to use \\[.

You don't need to escape :, ], nor space, so you can use

:msg, regex, "\\[example]:\\[foo]\\[.*]: " -/var/log/example.log
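
The two-stage processing described in the answer above, modelled in Python as an added example that is not part of the original answer and is not rsyslog code. Assumptions: stage 1 is simplified to "a backslash makes the next character literal", Python's `re` stands in for the regex engine rsyslog uses, and `TIGHT_PATTERN` is a hypothetical variant built from the question's statement that the third field is lowercase [a-z] only.

```python
import re

def unescape_config_string(s):
    """Stage 1 (assumed model): the config string parser consumes one
    level of backslashes, so backslash+X becomes X."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def filter_matches(config_pattern, msg):
    """Stage 2: the already-unescaped string is compiled as a regex."""
    return re.search(unescape_config_string(config_pattern), msg) is not None

# Patterns exactly as typed between the quotes in the conf file.
QUESTION_PATTERN = r"\[example\]\:\[foo\]\[.*\]\:\ "
ANSWER_PATTERN = r"\\[example]:\\[foo]\\[.*]: "
# Hypothetical tighter variant: third field must be one or more lowercase letters.
TIGHT_PATTERN = r"\\[example]:\\[foo]\\[[a-z][a-z]*]: "

# Constructed sample messages (prefixes from the question, payloads invented).
WANTED = ["[example]:[foo][%s]: started" % f
          for f in ("bar", "hello", "world", "other", "text")]
UNWANTED = ["[example]:[foo][BAR]: started", "[example]:[foo][]: started"]

if __name__ == "__main__":
    for name, pat in (("question", QUESTION_PATTERN),
                      ("answer", ANSWER_PATTERN),
                      ("tight", TIGHT_PATTERN)):
        print(name, "-> regex engine sees:", unescape_config_string(pat))
        for msg in WANTED + UNWANTED:
            print("   ", filter_matches(pat, msg), msg)
    # After stage 1 the question's pattern is three bracket expressions,
    # so it matches this unrelated constructed string instead:
    print(filter_matches(QUESTION_PATTERN, "e:f.: "))
```

In this model the question's pattern reaches the regex engine as `[example]:[foo][.*]: `, a sequence of single-character bracket expressions, which is why none of the intended messages is logged.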
