[syslog-ng]Conditional logic

David Monk david@purplebear.net
Tue, 15 Jan 2002 13:25:11 -0600


You know, I almost submitted the same solution, but looking at his sample
log entries, it appears the failed message is a second or subsequent message
without the MountTape portion.

Some conditional type logic could be very beneficial though. Like, I am
currently logging some PIX firewalls. I would eventually like to set up the
filters so it emails or pages based on certain messages, but not necessarily
every message of the same matching expression. Like DENY messages for
instance. It would be great to get paged when the same host repeatedly gets a
DENY to the same resource. One or two attempts at the same resource could
very easily be accidental in one way or another, but repeated attempts at
the same resource from the same host might deserve a little more attention.

David Monk CCNA, MCSE
david@purplebear.net


----- Original Message -----
From: "Gregor Binder" <gb@rootnexus.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Tuesday, January 15, 2002 1:11 PM
Subject: Re: [syslog-ng]Conditional logic


> jesse.keefe@convergys.com on Tue, Jan 15, 2002 at 01:55:26PM -0500:
>
> Hi Jesse,
>
> > What I would like to do is have the Mount Tape matched and if it
> > fails page someone. If it passes, just continue on.
> > Any ideas?
>
> Yes, simply combine two conditions in one filter statement. Such as:
>
>   filter f_tload { match("MountTape") and match("failed"); };
>
> Then use this filter for the log-statement sending to your program
> destination that does the paging for you.
>
> Regards,
>
> --
>  ____ ____
> /  _/| -  >  Gregor Binder <gb@(rootnexus.net|sysfive.com)>
> | / || _\ \
> \__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
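
The repeated-DENY paging idea raised in this message, as an added example that is not code from the thread or from syslog-ng: a script meant to sit behind a syslog-ng program destination and page only when one host is denied the same resource several times in a short window. The log line shape, the sample line, the threshold, the window and the paging hook are assumptions.

```python
import re, sys, time
from collections import defaultdict, deque

# Assumed line shape, modelled on PIX "Deny <proto> src if:ip/port dst if:ip/port".
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/\d+ "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")

# Constructed sample line (not from the thread) in the assumed format.
SAMPLE = ('%PIX-4-106023: Deny tcp src outside:192.0.2.10/4001 '
          'dst inside:198.51.100.5/23 by access-group "acl_out"')

class RepeatedDenyDetector:
    """Flag a (src, dst, proto, dport) tuple denied `threshold` times in `window` s."""

    def __init__(self, threshold=5, window=60.0):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(deque)   # key -> timestamps inside the window
        self.quiet_until = {}            # key -> time before which we stay silent

    def feed(self, ts, line):
        """Return the offending key when a page should go out, else None."""
        m = DENY_RE.search(line)
        if not m:
            return None                  # not a deny line: ignore
        key = (m["src"], m["dst"], m["proto"], m["dport"])
        q = self.hits[key]
        q.append(ts)
        while ts - q[0] > self.window:   # drop denies that aged out
            q.popleft()
        if len(q) >= self.threshold and ts >= self.quiet_until.get(key, 0.0):
            self.quiet_until[key] = ts + self.window  # suppress repeat pages
            return key
        return None

if __name__ == "__main__":
    # syslog-ng writes each matching message to our stdin, one per line.
    det = RepeatedDenyDetector()
    for line in sys.stdin:
        key = det.feed(time.time(), line)
        if key:
            # Replace with the real pager/mail command (hypothetical hook).
            print("PAGE repeated deny %s -> %s %s/%s" % key, file=sys.stderr)
```

One or two denies for a given host and resource never reach the threshold, so accidental attempts stay in the log without paging anyone.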