Thanks, that does help and I am putting in a fallback log path as the last log path. I think junction/channel is very difficult to understand. If/else is probably the easiest, log paths aren’t that bad, but junction/channel is very unintuitive to me.

Thanks,

-Mark

Mark Faine

System Administrator

SAIC/NICS

215 Wynn Dr. 5065

Huntsville, AL 35805

256-961-1295 (Desk)

256-617-4861 (Work Cell)

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> On Behalf Of Nagy, Gábor
Sent: Friday, May 17, 2019 3:13 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Multiple log statements vs If/else

Hi Mark!

Sorry for answering after a long time.

> I am curious about how the declaration order matters. My understanding is that each message will be evaluated for a match on each log statement in the order that they appear in the file and only when it hits a log statement with a final flag will it stop attempting to match. Is that correct?

Yes. :)

As Fabien mentioned, a "fallback" log path would be need to not drop unprocessed log messages.

> ... it seems like to me that if they aren’t different it would be easier to do multiple log statements if generated dynamically.

A config with many log paths would be easy to generate, but hard to read/maintain.

If you find if-else config hard to generate from code, you can use the junction/channel with final flags too. Just make sure you have a fallback channel too.

Regards,

Gabor