syslog-ng Filter expression help
Is there anyway I can combine these filters into a single line per host? filter f_host-dns1 { host ("SVR006*") or host ("dns1*"); }; filter f_host-dns2 { host ("SVR015*") or host ("dns2*"); }; filter f_host-dns21 { host ("SVR138*") or host ("dns21*"); }; filter f_query-dns1 { filter (f_local0) and filter (f_host-dns1); }; filter f_query-dns2 { filter (f_local0) and filter (f_host-dns2); }; filter f_query-dns21 { filter (f_local0) and filter (f_host-dns21); }; I think I can but I am unsure of how syslog-ng handles ANDs and ORs
On Wed, 2009-01-28 at 07:46 -0500, cod3fr3ak wrote:
Is there anyway I can combine these filters into a single line per host?
filter f_host-dns1 { host ("SVR006*") or host ("dns1*"); }; filter f_host-dns2 { host ("SVR015*") or host ("dns2*"); }; filter f_host-dns21 { host ("SVR138*") or host ("dns21*"); }; filter f_query-dns1 { filter (f_local0) and filter (f_host-dns1); }; filter f_query-dns2 { filter (f_local0) and filter (f_host-dns2); }; filter f_query-dns21 { filter (f_local0) and filter (f_host-dns21); };
I think I can but I am unsure of how syslog-ng handles ANDs and ORs
it should support a full boolean algebra, AND/OR and parentheses. there was a related bug though, the patch for 2.1 is here: http://git.balabit.hu/?p=bazsi/syslog-ng-2.1.git;a=commit;h=ad72b87257a4e193... but the same fix was applied to 3.0 as well. -- Bazsi
participants (2)
-
Balazs Scheidler
-
cod3fr3ak