<div dir="ltr">Hello,<div><br></div><div>I want to emphasise that the *if* is a superior solution.</div><div><br></div><div>Here is a gist just for your academic exercise: <a href="https://gist.github.com/Kokan/6f1cec10d1053e9b67123c22342947de">https://gist.github.com/Kokan/6f1cec10d1053e9b67123c22342947de</a></div><div><br></div><div>--</div><div>Kokan</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 26, 2019 at 8:45 PM Faine, Mark R. (MSFC-IS40)[NICS] <<a href="mailto:mark.faine@nasa.gov">mark.faine@nasa.gov</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">What is the conversion of an if/else to embedded log path statements?<br>
<br>
I tried to do this today and didn't have any luck so I reverted back to if/else.<br>
<br>
I have a log statement with a series of if/else blocks:<br>
<br>
log {<br>
  source(pan_splunk);<br>
  if { <br>
    filter { host("^[a-z]+\.foo.*$")    or<br>
      netmask('<a href="http://192.168.1.100/32" rel="noreferrer" target="_blank">192.168.1.100/32</a>')   or<br>
      netmask('<a href="http://192.168.1.101/32'" rel="noreferrer" target="_blank">192.168.1.101/32'</a>);<br>
    };<br>
    rewrite {<br>
      set("foo" value("location"));<br>
    };<br>
  } elif { <br>
    filter { host("^[a-z]+\.bar.*$")    or<br>
      netmask('<a href="http://192.168.1.102/32" rel="noreferrer" target="_blank">192.168.1.102/32</a>')   or<br>
      netmask('<a href="http://192.168.1.103/32'" rel="noreferrer" target="_blank">192.168.1.103/32'</a>); <br>
   };<br>
  } else {<br>
    rewrite {<br>
      set("unknown" value("location"));<br>
   };<br>
}<br>
<br>
Can this be written with embedded log statements?   The if/else blocks are working for me so this is just an academic exercise but I'd really like to understand how to do it with embedded log paths.<br>
<br>
Thanks,<br>
-Mark<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>