* svlogd pattern documentation
@ 2005-12-09 9:18 Joshua N Pritikin
2005-12-09 14:37 ` Gerrit Pape
0 siblings, 1 reply; 3+ messages in thread
From: Joshua N Pritikin @ 2005-12-09 9:18 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 1566 bytes --]
I've read the PATTERN MATCHING section of the svlogd man pages a few
times and I'm still confused. Since I am well versed in perl regex and
extended regex, I'm pretty sure that I'm confused because the
documentation is poorly written, not because I'm dumb.
So let's take a look:
pattern is applied to the log message one character by
one, starting with the first.
Uhm, I think this first sentence can just be removed. If the reader
doesn't know what a pattern is then refer them to the sed info page.
Perhaps: "An svlogd pattern is similar to a grep or sed regexp, except
much simpler."
A character not a star (``*'') and not a plus (``+'') matches itself.
OK
A plus matches the next character in pattern in the log message
one or more times.
Huh? Isn't the reverse of how it usually works?
Pattern +abc matches aaabc? In other tools, the pattern is written
'a+bc'. Clarify please.
A star before the end of pattern
matches any string in the log message that does not
include the next character in pattern. A star at the end
of pattern matches any string.
What about a star at the beginning of the pattern? No effect?
Some examples would really help. How do I deselect all lines containing
"File does not exist" such as:
2005-12-09_06:24:23.99609 [Fri Dec 09 06:24:23 2005] [error] [client
84.73.105.43] File does not exist: /home/ohl/ohl-v2/htdocs/xmlrpc.php
Like this?
-*File does not exist*
--
Make April 15 just another day, visit http://fairtax.org
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: svlogd pattern documentation
2005-12-09 9:18 svlogd pattern documentation Joshua N Pritikin
@ 2005-12-09 14:37 ` Gerrit Pape
2005-12-09 17:44 ` Joshua N Pritikin
0 siblings, 1 reply; 3+ messages in thread
From: Gerrit Pape @ 2005-12-09 14:37 UTC (permalink / raw)
On Fri, Dec 09, 2005 at 02:48:30PM +0530, Joshua N Pritikin wrote:
> A character not a star (``*'') and not a plus (``+'') matches itself.
>
> OK
>
> A plus matches the next character in pattern in the log message
> one or more times.
>
> Huh? Isn't the reverse of how it usually works?
>
> Pattern +abc matches aaabc? In other tools, the pattern is written
> 'a+bc'. Clarify please.
You're right.
> A star before the end of pattern
> matches any string in the log message that does not
> include the next character in pattern. A star at the end
> of pattern matches any string.
>
> What about a star at the beginning of the pattern? No effect?
Sure an effect: it matches any string in the log message that does not
include the next character in pattern.
> Some examples would really help. How do I deselect all lines containing
> "File does not exist" such as:
>
> 2005-12-09_06:24:23.99609 [Fri Dec 09 06:24:23 2005] [error] [client
> 84.73.105.43] File does not exist: /home/ohl/ohl-v2/htdocs/xmlrpc.php
>
> Like this?
>
> -*File does not exist*
No, this doesn't match. It stops after '[Fr'.
This, for example, does:
-[*] [*] [*] File does not exist: *
Regards, Gerrit.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: svlogd pattern documentation
2005-12-09 14:37 ` Gerrit Pape
@ 2005-12-09 17:44 ` Joshua N Pritikin
0 siblings, 0 replies; 3+ messages in thread
From: Joshua N Pritikin @ 2005-12-09 17:44 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 1402 bytes --]
OK, here is my suggestion for rewriting the man page:
svlogd matches a log message against a string pattern. The pattern
rules are similar to grep except that svlogd patterns are much simpler
than grep regexp.
= A character not a star (``*'') and not a plus (``+'') matches
itself.
= A plus matches the next character in pattern in the log message one
or more times. For example, the pattern +abc matches aaabc. Note that
with grep, the same pattern would be written as a+bc. svlogd is
different.
= A star before the end of the pattern matches any string in the
log message that does not include the next character in pattern. A
star at the end of pattern matches any string. (In perl terminology,
the svlogd star works like a non-greedy wildcard match .*?.)
An svlogd pattern is not really a regular expression because there is
no backtracking. To see what this means, consider a line like this:
[Fri Dec 09 06:24:23 2005] [error] [client 84.73.105.43] File does not exist: /home/ohl/ohl-v2/htdocs/xmlrpc.php
The following pattern doesn't match:
-*File does not exist*
Why? Because svlogd doesn't backtrack. The star matches up to the
first F in Fri then the match fails because i != r. Once the match
fails, it fails. To match the line, you can use something like the
following pattern instead:
-[*] [*] [*] File does not exist: *
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-12-09 17:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-12-09 9:18 svlogd pattern documentation Joshua N Pritikin
2005-12-09 14:37 ` Gerrit Pape
2005-12-09 17:44 ` Joshua N Pritikin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).