[syslog-ng] Multiple rewrite conditions under 3.4.x
Balazs Scheidler
bazsi77 at gmail.com
Sat Feb 8 07:11:13 CET 2014
On Feb 6, 2014 3:42 PM, "C. L. Martinez" <carlopmart at gmail.com> wrote:
>
> Hi all,
>
> Is it possible to add multiple rewrite conditions in syslog-ng 3.4.x
like this:
>
> rewrite r_rewrite_set{
> set("myhost1", value("HOST")
> condition(program("myapplication1")));
> set("myhost2", value("HOST")
> condition(program("myapplication2")));
> set("myhost3", value("HOST")
> condition(program("myapplication3")));
> set("myhost4", value("HOST")
> condition(program("myapplication4")));
> };
>
Well, this would sequentially evaluate the filters, and then apply the
rewrite rule which matches.
If this is the only thing you want to change based on the program filter,
then it should be ok.
If you have or will have more rewrites using the same condition, I'd use
the junction syntax instead.
Junction {
Log {
Filter { program(...); };
Rewrite {}
Flags(final);
}
Log {};
...
}
This should break out at the first match, instead of trying to match all.
What's more this whole junction block can be created as a rewrite rule, and
then referenced in multiple logpaths.
> ??
>
> Is this a good option or maybe a performance penalty??
>
> Thanks.
>
______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140208/082ae188/attachment.htm
More information about the syslog-ng
mailing list