[syslog-ng] Two or more conditions on a action
Fekete Róbert
frobert at balabit.hu
Wed Jun 20 20:42:09 CEST 2012
On Monday, June 18, 2012 21:02 CEST, Evan Rempel <erempel at uvic.ca> wrote:
> C. L. Martinez wrote:
> > On Thu, Jun 14, 2012 at 5:21 PM, Evan Rempel <erempel at uvic.ca> wrote:
> >> I have never done this, however, the manual states
> >>
> >> "condition: A syslog-ng filter expression. The action is performed only if the message matches the filter. The filter
> >> can include macros and name-value pairs extracted from the message."
> >>
> >> so if you look at the syntax for filters, you do not use the & for logical and, you use the word "and".
> >>
> >> So I think your condition should be
> >>
> >> <action trigger="match" condition=" '${first_field}@1' == 'something_1' and '${second_field}' == 'something_2' ">
> >>
> >> you may need parenthesis, so
> >>
> >> <action trigger="match" condition=" '(${first_field}@1' == 'something_1') and ('${second_field}' == 'something_2') ">
> >>
> >> Hope this works for you.
> >>
> >> Evan.
> >>
> >>
> >
> > Many thanks Evan, but it doesn't seems to work under 3.3.5 ...Exists
> > some option to debug conditions??
>
> Anyone else want to comment?
> This should work - bug?
>
Hi, I have asked Bazsi and Algernon to take a look at the code to check if it should work as supposed, or is buggy.
I don't know when they will have time to check it, though,
Robert
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
More information about the syslog-ng
mailing list