Craig Cook wrote:
While we are asking questions about the pcre handling...
Has anyone managed to use a rule with spaces?
ie.
LOG /var/log/syslog "%disk full" COLOR=red
I have tried using quotes, escaping quotes, escaping spaces, etc. Nothing has worked. Reduced to individual words to get something working.
Craig Cook
--
Systems Monitoring Consulting and Support Services
http://www.cookitservices.com
Spaces should work but we use \s to represent spaces.
Example:
LOG /var/adm/messages.da %(?-i)Fail|fail|On\sbattery|AC\sline\sfault|Replace\sbattery|Battery\snot COLOR=yellow
The (?-i) tells pcre to turn case-sensitive pattern matching on.
Dominique
UNIL - University of Lausanne