Could you please give an example of using 'context-length' condition? I wonder if I can use it for sending an alert to monitoring system when there are more than 'N' exceptions per 'T' second are sent by my app hosts. On Sun, Apr 14, 2013 at 5:30 AM, Evan Rempel <erempel@uvic.ca> wrote:
As of 2 days ago a new syslog-ng guide was published that now documents this :-)
Slightly different syntax
<action condition='"$(context-length)" >= "$max"'>
Works like a charm.
Also, it isn't specified that <tag>xxx</tag> can be in the <message> part of an action.
syslog-ng never stops amazing me.
Evan. ________________________________________ From: syslog-ng-bounces@lists.balabit.hu [ syslog-ng-bounces@lists.balabit.hu] on behalf of Gergely Nagy [ algernon@balabit.hu] Sent: Saturday, April 13, 2013 5:32 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] min and max message count condition in correlation actions
Evan Rempel <erempel@uvic.ca> writes:
so the syntax would be
<action condition="$(context-length) == $num">
wher $num is some macro from the pattern used to match a line.
Is that correct?
$num can be pretty much anything: a number, a macro, another template function - it is entirely up to you. It does not need to be extracted from the pattern, but that should work too.
-- |8]
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Best regards, Koldaev Anton