I have the following message:
Apr 12 12:48:02 poe true: sudo: nagios : command not allowed ; TTY=unknown ; PWD=/var/log/nagios;
How do I make a regex that looks for the word Sudo or Command but not to look for the word true? Reason being I have other messages that have just the words sudo and command and i’m not interested in viewing the messages with the combination of those 2 words with that 3rd word. I have so far tried:
Both of them failed to exlcude the word that I don’t want. Basically I want the resultant set to not consist of those messages that would have word3 along with word1 and word2 but want the resultant set to have either word1 or word2.