props.conf
[log1]
BREAK_ONLY_BEFORE = \w+\s+\w+\s+\d+\s+\d+\:\d+\:\d+\s+\w+\s+\d+
DATETIME_CONFIG =
NO_BINARY_CHECK = true
category = Custom
pulldown_type = true
Below is my sample event, we need to break line after the first line.
Wed Mar 15 10:17:32 CDT 2017 ---------break the line
Config Path= /etc/httpd/conf/httpd.conf
Certificate Location= /etc/httpd/conf.d/com/com.crt
notBefore=Jul 6 00:00:00 2016 GMT
notAfter=Jul 6 23:59:59 2017 GMT
subject= /C=US/postalCode=00000/ST=Confgtyre/L=Norwalk/street=123 ABC Avenue/O=XYZ Services/OU=World Headquarters/OU=Issued through XYZ Services E-PKI Manager/OU=InstantSSL/CN=services.xYZ
issuer= /C=GB/ST=Greater Missouri/L=Salford/O=COMODO CA Limited/CN=DO XYZ Organization Validation Secure Server PA
I have written the regular expression to break the line but its not doing it.
\w+\s+\w+\s+\d+\s+\d+\:\d+\:\d+\s+\w+\s+\d+
↧
