Philip Hazel wrote:
> On Thu, 23 Nov 2006, Chris Lightfoot wrote:
>
>>On Thu, Nov 23, 2006 at 05:02:40PM +0100, Stanislaw Halik wrote:
>>
>>>I'm having a problem with log parsing. I'm trying to take some
>>>assumptions, I'd like you to correct or confirm them.
>>>
>>>Field `H=' contains connecting host name. If host doesn't resolve and
>>
>> [...]
>>
This is (a fragment of) the regex I'm currently using to parse this:
It seems to work for me ...
^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) H=(([^(]+) )?(\((\S+)\) )?\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]:(\d{1,5}) ...
date time host helo IP-Address port
I'm using:
log_selector = +incoming_port
Would anyone like to comment if that is doing what it is supposed to?
- Karl
