regex - Rsyslog Template with regex won't verify

问题描述

I'm writing a simple template to pull IPs out of a log file being processed by rsyslog. I've checked the format across their documentation and run the regex through their own regex checker which it validated. But once I try to run rsyslog's validator across it, it fails with

rsyslogd: error during parsing file /etc/rsyslog.d/30-waf.conf, on or before line 6: invalid character '"' in object definition - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/30-waf.conf, on or before line 6: invalid character '0' in object definition - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/30-waf.conf, on or before line 6: invalid character '-' in object definition - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/30-waf.conf, on or before line 6: invalid character '9' in object definition - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/30-waf.conf, on or before line 6: syntax error on token ']' [v8.16.0 try http://www.rsyslog.com/e/2207 ]

Here is my .conf file...

template(name="waftest" type="list") {<br>
    property(name="msg"<br>
        regex.type="ERE"<br>
        regex.submatch="0"<br>
        regex.expression="[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"<br>
        regex.nomatchmode="BLANK"<br>
        )<br>
}<p>

local1.*action(type="omfile" file="/var/log/FTD/waftest.log");waftest

It seems relatively simple and yet I must be missing something.

标签： regexposixrsyslog