Hello,

I want to emphasise that the *if* is a superior solution.

Here is a gist just for your academic exercise: https://gist.github.com/Kokan/6f1cec10d1053e9b67123c22342947de

--
Kokan

On Tue, Mar 26, 2019 at 8:45 PM Faine, Mark R. (MSFC-IS40)[NICS] <mark.faine@nasa.gov> wrote:
What is the conversion of an if/else to embedded log path statements?

I tried to do this today and didn't have any luck so I reverted back to if/else.

I have a log statement with a series of if/else blocks:

log {
  source(pan_splunk);
  if {
    filter { host("^[a-z]+\.foo.*$")    or
      netmask('192.168.1.100/32')   or
      netmask('192.168.1.101/32');
    };
    rewrite {
      set("foo" value("location"));
    };
  } elif {
    filter { host("^[a-z]+\.bar.*$")    or
      netmask('192.168.1.102/32')   or
      netmask('192.168.1.103/32');
   };
  } else {
    rewrite {
      set("unknown" value("location"));
   };
}

Can this be written with embedded log statements?   The if/else blocks are working for me so this is just an academic exercise but I'd really like to understand how to do it with embedded log paths.

Thanks,
-Mark

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq