[syslog-ng] syslog-ng Filter expression help
Balazs Scheidler
bazsi at balabit.hu
Wed Jan 28 14:05:36 CET 2009
On Wed, 2009-01-28 at 07:46 -0500, cod3fr3ak wrote:
> Is there anyway I can combine these filters into a single line per
> host?
>
> filter f_host-dns1 { host ("SVR006*") or host ("dns1*"); };
> filter f_host-dns2 { host ("SVR015*") or host ("dns2*"); };
> filter f_host-dns21 { host ("SVR138*") or host ("dns21*"); };
> filter f_query-dns1 { filter (f_local0) and filter (f_host-dns1); };
> filter f_query-dns2 { filter (f_local0) and filter (f_host-dns2); };
> filter f_query-dns21 { filter (f_local0) and filter (f_host-dns21); };
>
> I think I can but I am unsure of how syslog-ng handles ANDs and ORs
it should support a full boolean algebra, AND/OR and parentheses. there
was a related bug though, the patch for 2.1 is here:
http://git.balabit.hu/?p=bazsi/syslog-ng-2.1.git;a=commit;h=ad72b87257a4e19361e8b3fc8420b00f3cda31bf
but the same fix was applied to 3.0 as well.
--
Bazsi
More information about the syslog-ng
mailing list