Hello, I want to emphasise that the *if* is a superior solution. Here is a gist just for your academic exercise: https://gist.github.com/Kokan/6f1cec10d1053e9b67123c22342947de -- Kokan On Tue, Mar 26, 2019 at 8:45 PM Faine, Mark R. (MSFC-IS40)[NICS] < mark.faine@nasa.gov> wrote:
What is the conversion of an if/else to embedded log path statements?
I tried to do this today and didn't have any luck so I reverted back to if/else.
I have a log statement with a series of if/else blocks:
log { source(pan_splunk); if { filter { host("^[a-z]+\.foo.*$") or netmask('192.168.1.100/32') or netmask('192.168.1.101/32'); }; rewrite { set("foo" value("location")); }; } elif { filter { host("^[a-z]+\.bar.*$") or netmask('192.168.1.102/32') or netmask('192.168.1.103/32'); }; } else { rewrite { set("unknown" value("location")); }; }
Can this be written with embedded log statements? The if/else blocks are working for me so this is just an academic exercise but I'd really like to understand how to do it with embedded log paths.
Thanks, -Mark
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq