zentures / sequence

(Unmaintained) High performance sequential log analyzer and parser
http://sequencer.io

integer with trailing dot recognized as float #3

Closed cryptix closed 9 years ago

cryptix commented 9 years ago

Hi,

I can't match the port at the end of this message.

msg:
Feb 06 15:56:09 higgs sshd[902]: Server listening on 0.0.0.0 port 22.

rule:
%msgtime% %apphost% %appname% [ %sessionid% ] : Server listening on %srcipv4% port %integer% .

It's a minor issue in this simple case but it's a bit confusing while writing rules.

zhenjl commented 9 years ago

Yes, that's definitely a problem. Have to figure out a good way to recognize that without doing too much forward looking (otherwise performance will get hammered.) Let me keep this open for now and think about it.
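
A sketch of the one-byte lookahead trade-off discussed above, as an added example that is not sequence's own code: a `.` is folded into the number only when the byte right after it is a digit, so `22.` yields an integer followed by a literal dot. The `Token` type and the function names are hypothetical, and the scanner covers only plain numeric fields (IP addresses and other field types are left out).

```go
package main

import (
	"fmt"
	"strings"
)

// Token is a hypothetical type for this sketch, not sequence's own.
type Token struct{ Kind, Value string }

func isDigit(b byte) bool { return b >= '0' && b <= '9' }

// scanField tokenizes one whitespace-delimited field. A '.' joins the number
// only when the next byte is a digit: one byte of lookahead, no backtracking.
func scanField(f string) []Token {
	i := 0
	for i < len(f) && isDigit(f[i]) {
		i++
	}
	if i == 0 {
		return []Token{{"literal", f}}
	}
	kind := "integer"
	if i+1 < len(f) && f[i] == '.' && isDigit(f[i+1]) {
		kind = "float"
		i++ // consume the '.', then the fractional digits
		for i < len(f) && isDigit(f[i]) {
			i++
		}
	}
	toks := []Token{{kind, f[:i]}}
	if i < len(f) {
		toks = append(toks, Token{"literal", f[i:]})
	}
	return toks
}

// Tokenize splits a message on whitespace and scans each field.
func Tokenize(msg string) []Token {
	var out []Token
	for _, f := range strings.Fields(msg) {
		out = append(out, scanField(f)...)
	}
	return out
}

func main() {
	fmt.Println(Tokenize("port 22."))   // tail of the sshd line in the report
	fmt.Println(Tokenize("load 0.75.")) // constructed float with trailing dot
}
```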