The Tivoli Log File Agent extracts information from system log messages and then matches different log messages to event classes. A format file serves as a lookup file for matching log messages to event classes, telling the event class what to read, what to match, and how to format the data.
When the format file is used as a lookup file, all format specifications in the file are compared from the beginning to the end of the file. When two classes match or there are multiple matching classes for a message, the first expression from the end that matches is used. If no match is found, the event is discarded. A discarded event is written to the unmatch log if it is defined in the .conf file.
In this chapter, the regular expression syntax that you use to create patterns to match log messages and events is described. Regular expression-filtering support is provided by using the International Components for Unicode (ICU) libraries to check whether the attribute value examined matches the specified pattern.
For more information about using regular expressions, see http://userguide.icu-project.org/strings/regexp.