11.3.1. Types and options of regular expressions

By default, syslog-ng uses PCRE-style regular expressions. To use other expression types, add the type() option after the regular expression.

The syslog-ng OSE application supports the following expression types:

posix

Description: Use POSIX regular expressions.

Posix regular expressions have the following flag options:

global: Usable only in rewrite rules: match for every occurrence of the expression, not only the first one.

ignore-case: Disable case-sensitivity.

store-matches: Store the matches of the regular expression into the $0, ... $255 variables. The $0 stores the entire match, $1 is the first group of the match (parentheses), and so on. Matches from the last filter expression can be referenced in regular expressions.

utf8: Use UTF-8 matching.

Example 11.27. Using Posix regular expressions
filter f_message { message("keyword" type("posix") flags("utf8" "ignore-case") ); };

pcre

Description: Use Perl Compatible Regular Expressions (PCRE). If the type() parameter is not specified, syslog-ng uses PCRE regular expressions by default.

PCRE regular expressions have the following flag options:

global: Usable only in rewrite rules: match for every occurrence of the expression, not only the first one.

ignore-case: Disable case-sensitivity.

store-matches: Store the matches of the regular expression into the $0, ... $255 variables. The $0 stores the entire match, $1 is the first group of the match (parentheses), and so on. Named matches (also called named subpatterns), for example (?<name>...), are stored as well. Matches from the last filter expression can be referenced in regular expressions.

unicode: Use Unicode support for UTF-8 matches: UTF-8 character sequences are handled as single characters.

utf8: An alias for the unicode flag.

Example 11.28. Using PCRE regular expressions
rewrite r_rewrite_subst
        {subst("a*", "?", value("MESSAGE") flags("utf8" "global"));  };

string

Description: Match the strings literally, without regular expression support. By default, only identical strings are matched. For partial matches, use the flags("prefix") or the flags("substring") flags.

glob

Description: Match the strings against a pattern containing '*' and '?' wildcards, without regular expression and character range support. The advantage of glob patterns to regular expressions is that globs can be processed much faster.

*

matches an arbitrary string, including an empty string

?

matches an arbitrary character

Note
  • The wildcards can match the / character.

  • You cannot use the * and ? literally in the pattern.