[syslog-ng] Embedded log statements

Balazs Scheidler bazsi at balabit.hu
Tue Mar 29 13:52:49 CEST 2011


On Tue, 2011-03-29 at 12:39 +0200, Hendrik Visage wrote:
> Hi there,
> 
> The example in the Administrator's Guide looks (simplified) like this:
> 
> log{ Source(source); filter(f1); destination(d1)
>     log { filter(f1.1); destination(d1.1)
>          log {filter(f1.1.1); destination(d1.1.1)};
>         };
>     };
> 
> i.e. the equivalent of:
> log{ Source(source); filter(f1); destination(d1)}
> log{ Source(source); filter(f1); filter(f1.1); destination(d1.1)}
> log{ Source(source); filter(f1); filter(f1.1); filter(f1.1.1);
> destination(d1.1.1)};
> 
> I need to know if the following is also allowed/expected behavior of embedded logs:
> 
> log{ Source(source); filter(f1); destination(d1)
>     log { filter(f1.1); destination(d1.1)
>          log {filter(f1.1.1); destination(d1.1.1)};
>         };
>     log {filter(f1.2); destination(d1.2)};
>     };
> 
> i.e. equivalent to:
> 
> log{ Source(source); filter(f1); destination(d1)}
> log{ Source(source); filter(f1); filter(f1.1); destination(d1.1)}
> log{ Source(source); filter(f1); filter(f1.1); filter(f1.1.1);
> destination(d1.1.1)};
> log{ Source(source); filter(f1); filter(f1.2); destination(d1.2)}
> 
> An example of this nature in the documentation would be appreciated ;)

Yes, it should work as you describe. The two examples are not completely
equivalent though:

  * the tree based structure is faster, as some of the filters have to
be evaluated once, while in the other case multiple times (filter(f1)
for example is evaluated 4 times in the one without embedded
statements).


-- 
Bazsi
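
Added example, not part of the original message and not syslog-ng code: a small Python model of the second configuration in the question, routing a message through the embedded tree and through its flattened equivalent, and counting filter evaluations in each. The tuple layout, the function names, the modelling of a filter as set membership and the short-circuit on the first failing filter are assumptions of this sketch; flags such as final or fallback are not modelled.

```python
from collections import Counter

# Constructed model of the question's second config:
# (filter, destination, embedded log statements)
TREE = ("f1", "d1", [
    ("f1.1", "d1.1", [("f1.1.1", "d1.1.1", [])]),
    ("f1.2", "d1.2", []),
])

def flatten(node, inherited=()):
    """Expand the embedded tree into flat (filter chain, destination) statements."""
    name, dest, children = node
    chain = inherited + (name,)
    flat = [(chain, dest)]
    for child in children:
        flat.extend(flatten(child, chain))
    return flat

def route_tree(node, passing, evals):
    """Evaluate each filter once; descend into embedded statements only on a match."""
    name, dest, children = node
    evals[name] += 1
    if name not in passing:
        return []
    hits = [dest]
    for child in children:
        hits.extend(route_tree(child, passing, evals))
    return hits

def route_flat(statements, passing, evals):
    """Evaluate every flat statement independently, stopping at its first failing filter."""
    hits = []
    for chain, dest in statements:
        for name in chain:
            evals[name] += 1
            if name not in passing:
                break
        else:  # no filter in the chain rejected the message
            hits.append(dest)
    return hits

def compare(passing):
    """Return (tree hits, flat hits, tree eval counts, flat eval counts) for one message."""
    tree_evals, flat_evals = Counter(), Counter()
    tree_hits = route_tree(TREE, passing, tree_evals)
    flat_hits = route_flat(flatten(TREE), passing, flat_evals)
    return tree_hits, flat_hits, tree_evals, flat_evals
```

Calling compare() with the set of filter names a message matches shows both forms delivering to the same destinations, with the flat form re-evaluating the shared prefix filters once per statement.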



