[syslog-ng] Bazsi's blog: Syslog-ng correllation
Balazs Scheidler
bazsi at balabit.hu
Sat Oct 16 12:23:59 CEST 2010
On Wed, 2010-10-06 at 09:38 -0500, Martin Holste wrote:
> > Thanks. I take this as a compliment. :) In fact I do like template
> > functions a lot. If only I had a scripting engine embedded into
> > syslog-ng to make it extending really easy.
>
> My vote would be for embedding a Perl interpreter, though Lua seems to
> be the more fashionable embed these days.
>
> > the foo and bar parts are what the $(if) constructs expands to if the
> > result of the filter evaluation is true / false respectively.
>
> Can you give an example? I'm not on the same page with you.
Let's say you want to assign the class of a given message based on
whether the username is root or something else.
<value name=".classifier.class">$(if "${usracct.username}" == "root" violation system)</value>
--
Bazsi
More information about the syslog-ng
mailing list