Am 08.07.14 18:02, schrieb Tusa Viktor:
Hi!
I think, the negative notation could solve this situation eg.: $MACRO@-N would mean the first Nth message in the context and not the last Nth. I checked the code and it is not terrible hard to implement. I can make a PoC for you in the next week, if you would like to test it.
Regards, Viktor Thanks Victor, that sounds like a very promising solution and I am more than happy to test it. Auto-applying a patch to my 3.4.7 version is not really hard as I use gentoo and its emerge system to re-install ebuilds is very flexible given that gentoo is a source based distribution. The only thing is that I would prefer to stick to version 3.4.7 for my testst as this is the latest stable version available for gentoo. I hope that also works out for you.
I am looking forward to your patch whenever you have a chance to make it happen. Many thanks Atom2
On Tue, Jul 8, 2014 at 11:54 AM, Fabien Wernli <wernli@in2p3.fr <mailto:wernli@in2p3.fr>> wrote:
Hi,
I'm AFK for a while but did you check out the `grep` template function?
Thanks Fabien, I haven't checked your suggested grep template function yet and to be honest, up to your kind suggestion, I was not even aware of any such tenplate. Having looked at the documentation and assuming that I have fully understood it, I am however not sure whether it would be the best solution for at least the following two reasons: 1) I guess it might not be very efficient for a largish contexts as grep needs to search through all messages within the context which might be processing intensive and 2) If the same named macro is available in more than one message within the context (which is the case in my patterndb), I would get a comma-seperated list of (identical) values which would require further processing to extract only one of the values delivered by the tempate. I am sure that could somehow be sorted, but Victor's extension described above seems to be easier on the outset and it might also be of interest to others. Having said that, your approach is really creative and I have learned something new. Many thanks for that. Atom2
Cheers ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq