On Thu, Jun 14, 2012 at 5:21 PM, Evan Rempel <erempel@uvic.ca> wrote:
I have never done this, however, the manual states
"condition: A syslog-ng filter expression. The action is performed only if the message matches the filter. The filter can include macros and name-value pairs extracted from the message."
so if you look at the syntax for filters, you do not use the & for logical and, you use the word "and".
So I think your condition should be
<action trigger="match" condition=" '${first_field}@1' == 'something_1' and '${second_field}' == 'something_2' ">
you may need parentheses, so
<action trigger="match" condition=" ('${first_field}@1' == 'something_1') and ('${second_field}' == 'something_2') ">
Hope this works for you.
Evan.
Many thanks Evan, but it doesn't seem to work under 3.3.5... Is there some option to debug conditions?