[syslog-ng] min and max message count condition in correlation actions
Anton Koldaev
koldaevav at gmail.com
Mon Apr 15 09:15:38 CEST 2013
Could you please give an example of using 'context-length' condition?
I wonder if I can use it for sending an alert to monitoring system when
there are more than 'N' exceptions per 'T' second are sent by my app hosts.
On Sun, Apr 14, 2013 at 5:30 AM, Evan Rempel <erempel at uvic.ca> wrote:
> As of 2 days ago a new syslog-ng guide was published that now documents
> this :-)
>
> Slightly different syntax
>
> <action condition='"$(context-length)" >= "$max"'>
>
> Works like a charm.
>
> Also, it isn't specified that <tag>xxx</tag> can be in the <message> part
> of an action.
>
> syslog-ng never stops amazing me.
>
> Evan.
> ________________________________________
> From: syslog-ng-bounces at lists.balabit.hu [
> syslog-ng-bounces at lists.balabit.hu] on behalf of Gergely Nagy [
> algernon at balabit.hu]
> Sent: Saturday, April 13, 2013 5:32 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] min and max message count condition in
> correlation actions
>
> Evan Rempel <erempel at uvic.ca> writes:
>
> > so the syntax would be
> >
> > <action condition="$(context-length) == $num">
> >
> > wher $num is some macro from the pattern used to match a line.
> >
> > Is that correct?
>
> $num can be pretty much anything: a number, a macro, another template
> function - it is entirely up to you. It does not need to be extracted
> from the pattern, but that should work too.
>
> --
> |8]
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
--
Best regards,
Koldaev Anton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130415/668b4ee9/attachment.htm
More information about the syslog-ng
mailing list