Ok, got it. Now what about applying to other variables like this: <value name="usracct.username">$(if "${usracct.username}" == "root" "root" "normal user")</value> Or additional embedded conditionals (MySQL-style) like this: <value name="usracct.username">$(if "${usracct.username}" == "root" $(if "${usracct.username}" == "joe" "admin" "normal user") "normal user")</value> On Sat, Oct 16, 2010 at 5:23 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2010-10-06 at 09:38 -0500, Martin Holste wrote:
Thanks. I take this as a compliment. :) In fact I do like template functions a lot. If only I had a scripting engine embedded into syslog-ng to make it extending really easy.
My vote would be for embedding a Perl interpreter, though Lua seems to be the more fashionable embed these days.
the foo and bar parts are what the $(if) constructs expands to if the result of the filter evaluation is true / false respectively.
Can you give an example? I'm not on the same page with you.
Let's say you want to assign the class of a given message based on whether the username is root or something else.
<value name=".classifier.class">$(if "${usracct.username}" == "root" violation system)</value>
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html