[syslog-ng] Bazsi's blog: Syslog-ng correlation

Martin Holste mcholste at gmail.com
Sat Oct 16 16:24:10 CEST 2010


Ok, got it.  Now what about applying to other variables like this:

<value name="usracct.username">$(if "${usracct.username}" == "root" "root" "normal user")</value>

Or additional embedded conditionals (MySQL-style) like this:

<value name="usracct.username">$(if "${usracct.username}" == "root" $(if "${usracct.username}" == "joe" "admin" "normal user") "normal user")</value>

On Sat, Oct 16, 2010 at 5:23 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Wed, 2010-10-06 at 09:38 -0500, Martin Holste wrote:
>> > Thanks. I take this as a compliment. :) In fact I do like template
>> > functions a lot. If only I had a scripting engine embedded into
>> > syslog-ng to make it extending really easy.
>>
>> My vote would be for embedding a Perl interpreter, though Lua seems to
>> be the more fashionable embed these days.
>>
>> > the foo and bar parts are what the $(if) constructs expands to if the
>> > result of the filter evaluation is true / false respectively.
>>
>> Can you give an example?  I'm not on the same page with you.
>
> Let's say you want to assign the class of a given message based on
> whether the username is root or something else.
>
> <value name=".classifier.class">$(if "${usracct.username}" == "root" violation system)</value>
>
> --
> Bazsi