Grep syslog configuration for remote logging entries


I would like to grep my rsyslog configuration file to check if there are remote logging entries configured.

The lines I'd like grep to bring are as follows:

auth.*,authpriv.*               @loghost.example.com:10514 # One "@" means UDP
*.*                             @@loghost.example.com      # Two "@" means TCP

So far I have managed to produce the following regex, which brings me only the lines that begin with a set of letters or an asterisk, followed by a dot, then another set of characters or an asterisk:

grep "^[A-Za-z|*]*\.[A-Za-z|*]" /etc/rsyslog.conf

How do I get grep to identify the rest of the line correctly? The line could then be followed by a comma, more stuff, a sequence of spaces and an "@" sign, or it could be followed by a sequence of spaces and an "@" sign.

Edit: What I can get so far with my current regex:

[root@RHEL7lab /]# grep "^[A-Za-z|*]*\.[A-Za-z|*]" /etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
auth.*,authpriv.*               @loghost.example.com:10514 # One "@" means UDP
*.*                             @@loghost.example.com      # Two "@" means TCP
[root@RHEL7lab /]#

I want a regex that would only produce the last two lines shown above.

I have had success piping it to another grep as follows:

[root@RHEL7lab /]# grep "^[A-Za-z|*]*\.[A-Za-z|*]" /etc/rsyslog.conf | grep "\s@"
auth.*,authpriv.*               @loghost.example.com:10514 # One "@" means UDP
*.*                             @@loghost.example.com      # Two "@" means TCP
[root@RHEL7lab /]#

But I think it might be possible to do it in just one; I just lack the skills.


Solution

  • You may match the lines that start with alphanumeric, * or . chars, then have 0+ chars other than whitespace, and then have @ after 1+ whitespace characters:

    grep -E '^[[:alnum:]*.]+[^[:space:]]*[[:space:]]+@' file
    

    See the regex demo.

    A bit more specific regex will look like

    grep -E '^([[:alnum:]]+|\*)\.([[:alnum:]]+|\*)[^[:space:]]*[[:space:]]+@' file
    

    See this regex demo.

    Pattern details

    • ^ - start of string
    • [[:alnum:]*.]+ - 1 or more characters that are either alphanumeric, * or .
    • ([[:alnum:]]+|\*) - 1+ alphanumeric chars or a * symbol
    • \. - a dot
    • ([[:alnum:]]+|\*) - 1+ alphanumeric chars or a * symbol
    • [^[:space:]]* - 0+ chars other than whitespace chars
    • [[:space:]]+ - 1+ whitespace chars
    • @ - a @ char.

    Note that the -E option allows using POSIX ERE syntax (no need to escape +, e.g.).
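
An added example, not part of the answer above: a small audit script that applies the answer's more specific regex and reports each forwarding rule as UDP or TCP with its target and selector. It goes beyond the page by also counting RainerScript `action(type="omfwd" ...)` forwarders, which the legacy-syntax regex cannot match; the function names and the sample config are constructed for illustration, and the omfwd check assumes `type="omfwd"` is written without spaces.

```shell
#!/bin/sh
# Added example: report legacy-syntax rsyslog forwarding rules with protocol.
# FWD_RE is the more specific ERE from the answer above.
FWD_RE='^([[:alnum:]]+|\*)\.([[:alnum:]]+|\*)[^[:space:]]*[[:space:]]+@'

# Reads a config on stdin; prints "PROTO TARGET SELECTOR" per forwarding rule.
list_forwarders() {
    grep -E "$FWD_RE" | while read -r selector action rest; do
        case $action in
            @@*) printf 'TCP %s %s\n' "${action#@@}" "$selector" ;;  # two "@" = TCP
            @*)  printf 'UDP %s %s\n' "${action#@}" "$selector" ;;   # one "@" = UDP
        esac
    done
}

# Generalization beyond the page: count uncommented RainerScript omfwd
# actions, which the legacy-syntax regex cannot see.
count_omfwd() {
    grep -Ec '^[^#]*type="omfwd"' || true   # grep -c exits 1 when the count is 0
}

# Constructed sample, modelled on the question's output plus two extra cases.
sample_conf() {
    cat <<'EOF'
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
*.emerg                                                 :omusrmsg:*
#*.* @@commented-out.example.com:514
auth.*,authpriv.*               @loghost.example.com:10514 # One "@" means UDP
*.*                             @@loghost.example.com      # Two "@" means TCP
*.* action(type="omfwd" target="loghost.example.com" port="10514" protocol="tcp")
EOF
}

# With file arguments, audit them; with none, run on the constructed sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"
        list_forwarders < "$f"
        echo "omfwd actions: $(count_omfwd < "$f")"
    done
else
    sample_conf | list_forwarders
    echo "omfwd actions: $(sample_conf | count_omfwd)"
fi
```

Run it with `/etc/rsyslog.conf` and any files under `/etc/rsyslog.d/` as arguments; a commented-out forwarder is not reported, because the pattern is anchored at the start of the line.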