Types and options of regular expressions
By default, syslog-ng uses PCRE-style regular expressions. To use other expression types, add the type() option after the regular expression.
The syslog-ng OSE application supports the following expression types:
pcre
Description: Use Perl Compatible Regular Expressions (PCRE). If the type() parameter is not specified, syslog-ng uses PCRE regular expressions by default.
PCRE regular expressions have the following flag options:
global:
Usable only in rewrite rules: match for every occurrence of the expression, not only the first one.
store-matches:
Store the matches of the regular expression into the $0, ... $255 variables. The $0 stores the entire match, $1 is the first group of the match (parentheses), and so on. Named matches (also called named subpatterns), for example (?<name>...), are stored as well. Matches from the last filter expression can be referenced in regular expressions.
unicode:
Use Unicode support for UTF-8 matches: UTF-8 character sequences are handled as single characters.
string
Description: Match the strings literally, without regular expression support. By default, only identical strings are matched. For partial matches, use the flags("prefix") or the flags("substring") flags.
glob
Description: Match the strings against a pattern containing '*' and '?' wildcards, without regular expression and character range support. The advantage of glob patterns to regular expressions is that globs can be processed much faster.
- *
-
matches an arbitrary string, including an empty string
- ?
-
matches an arbitrary character
|
|
NOTE:
|
