Interesting, I don't think I've used that before. The description sounds more like what I'd consider a 'catchall' to be than what the actual catchall does, except it only catches that which hasn't already been caught. That might be useful for a use-case I have where we have people who send us logs without notifying us first so that we can filter for it. This way we can at least start indexing it, and whenever they do get around to letting us know they are sending it we will at least have it contained somewhere.

Thanks,
-Mark

-----Original Message-----
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Thursday, May 9, 2019 8:56 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Multiple log statements vs If/else

On Thu, May 09, 2019 at 12:58:50PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> I can understand that, however, if you’re trying to convert yaml into a log path it would be hard to do if/else dynamically. I am curious about how the declaration order matters. My understanding is that each message will be evaluated for a match on each log statement in the order that they appear in the file and only when it hits a log statement with a final flag will it stop attempting to match. Is that correct?

there is also the 'fallback' flag
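
Added example, not part of the original thread: a syslog-ng configuration sketch of the use case described in the reply at the top, where senders that no filter matches yet are still captured by a fallback log path. The source, filter and destination names, the address range, the port and the file paths are constructed for illustration, and the `@version` value is an assumption to be matched to the installed release.

```conf
# Assumption: set @version to the installed syslog-ng release.
@version: 3.20

# Constructed example: one network source shared by every log path.
source s_net {
    network(transport("tcp") port(514));
};

# Senders that have been announced and already have a filter.
filter f_announced {
    netmask("192.0.2.0/24");
};

destination d_announced {
    file("/var/log/remote/announced.log");
};

# Holding area for senders nobody has told us about yet.
destination d_unclassified {
    file("/var/log/remote/unclassified.log");
};

# Announced senders. flags(final) keeps log statements that appear
# later in the file from also processing a message this path has
# processed; statements that appear earlier are not affected.
log {
    source(s_net);
    filter(f_announced);
    destination(d_announced);
    flags(final);
};

# flags(fallback): this path only processes messages that no
# non-fallback log statement has processed, so traffic from
# unannounced senders is stored here instead of being dropped.
log {
    source(s_net);
    destination(d_unclassified);
    flags(fallback);
};
```

The file can be checked before a reload with `syslog-ng --syntax-only -f <path>`.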