This chapter lists regular expressions supported by syslog-ng Open Source Edition (syslog-ng OSE) and their available supported type() and flags() options.
By default, syslog-ng OSE uses PCRE-style regular expressions. To use other expression types, add the type() option after the regular expression.
The syslog-ng OSE application supports the following regular expression type() options:
By default, syslog-ng OSE uses PCRE-style regular expressions, which are supported on every platform starting with syslog-ng OSE version 3.1. To use other expression types, add the type() option after the regular expression.
The syslog-ng OSE application supports the following type() options:
Description: Uses Perl Compatible Regular Expressions (PCRE). If the type() parameter is not specified, syslog-ng OSE uses PCRE regular expressions by default.
For more information about the flags() options of PCRE regular expressions, see The flags() options of regular expressions.
Description: Matches the strings literally, without regular expression support. By default, only identical strings are matched. For partial matches, use the flags("prefix") or the flags("substring") flags.
For more information about the flags() options of literal string searches, see The flags() options of regular expressions.
Description: Matches the strings against a pattern containing * and ? wildcards, without regular expression and character range support. The advantage of glob patterns to regular expressions is that globs can be processed much faster.
*: matches an arbitrary string, including an empty string
?: matches an arbitrary character
The wildcards can match the / character.
You cannot use the * and ? literally in the pattern.
Similarly to the type() options, the flags() options are also optional within regular expressions.
The following list describes each type() option's flags() options.
Starting with syslog-ng OSE version 3.1, PCRE expressions are supported on every platform. If the type() parameter is not specified, syslog-ng OSE uses PCRE regular expressions by default.
The following example shows the structure of PCRE-style regular expressions in use.
rewrite r_rewrite_subst { subst("a*", "?", value("MESSAGE") flags("utf8" "global")); };
PCRE-style regular expressions have the following flags() options:
Usable only in rewrite rules, flags("global") matches for every occurrence of the expression, not only the first one.
When configured, it changes the newline definition used in PCRE regular expressions to accept either of the following:
This newline definition is used when the circumflex and dollar patterns (^ and $) are matched against an input. By default, PCRE interprets the linefeed character as indicating the end of a line. It does not affect the \r, \n or \R characters used in patterns.
Stores the matches of the regular expression into the $0, ... $255 variables. The $0 stores the entire match, $1 is the first group of the match (parentheses), and so on. Named matches (also called named subpatterns), for example, (?<name>...), are stored as well. Matches from the last filter expression can be referenced in regular expressions.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center