Trying to extract a field in rsyslog using regex with no luck
Question
Here is the data:
DROP IN=eth0 OUT= MAC=00:00:64:34:65:f8:00:00:5c:6f:36:46:08:00 SRC=6.6.73.64 DST=45.45.89.250 LEN=40 TOS=0x00 PREC=0x20 TTL=235 ID=2329 PROTO=TCP
I'm trying to extract values from the variables such as IN, MAC, SRC, etc.
I successfully used in SED or various REGEX simulators:
(?<=\sIN=)(.*?)(?=\s)
But when attempting to use it in rsyslog template configuration it seems to fail because data stops being sent:
property(outname="IN" name="msg" regex.expression="(?<=\sIN=)(.*?)(?=\s)" regex.submatch="1" regex.type="ERE" format="jsonf" onEmpty="keep")
This appears to be a problem specific to rsyslog .
1 answers
solution1
0 2022-11-13 11:05:39
With ERE:
[^[:space:]=]+=([^[:space:]]+)
According to the comments, the full working command:
property(outname="IN" name="msg" regex.expression="IN=([^[:space:]]*)" regex.submatch="1" regex.type="ERE" format="jsonf" onEmpty="skip")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Trying to extract a string using regex
Trying to extract a piece of html code using regex
Trying to extract strings using regex - Python
Java extract field delimited substring using regex
Extract values field from JSON using regex
sed search and extract specific field using regex
Just having no luck with this regex
Trying to extract value with Regex
regex for rsyslog to exclude a pattern
Extract email field with regex
Related Tags