[syslog-ng] is it possible to use if() ... else statements on syslog-ng 3.7?

Scheidler, Balázs balazs.scheidler at balabit.com
Tue May 9 06:20:05 UTC 2017 

This is possible, but with quite ugly syntax. I always wanted to add some
syntactic sugar, but never got around to do it.

It looks like this:

junction {
   channel {
       # if, with conditions specified as filters
       filter { whatever... };
       destination { whatever };
       flags(final);
    };
    channel {
       # else, you can add filters as well
       destination { something else };
       flags(final);
    };
};

The key parts:
* This can be embedded to any log statement as it is
* It uses inline filters and destinations, but you can use other
definitions by using simple parens instead of braces.
* flags final which causes processing to be stopped at the first match.
Without that, you'd be duplicating messages, if the conditions overlap.
* You can add any number of channels, you are not limited to one if/else
construct. It is more like a filter based switch with multple potential
branches.

Hope this helps,


On May 9, 2017 01:03, "Jorge Pereira" <jpereiran at gmail.com> wrote:

> Ops! The documentation explaining only to use with templates.
>
> Basically, I am looking for how to do the below pseudo-code.
>
>     destination {
>         if ($R_MIN >= 0 && $R_MIN < 30)
>             file("/path/file_00m-15m.log");
>         else
>             file("/path/file_30m-60m.log");
>         endif()
>     };
>
> p.s: I need to save the logs in chunks of 30 minutes being 00m-30m &
> 31m-60m
>
> --
> Jorge Pereira
>
> On Mon, May 8, 2017 at 7:52 PM, Jorge Pereira <jpereiran at gmail.com> wrote:
>
>> never mind, I found it.
>>
>> https://www.balabit.com/documents/syslog-ng-ose-latest-
>> guides/en/syslog-ng-ose-guide-admin/html/reference-template-
>> functions.html
>>
>> --
>> Jorge Pereira
>>
>> On Mon, May 8, 2017 at 7:46 PM, Jorge Pereira <jpereiran at gmail.com>
>> wrote:
>>
>>> hi team,
>>> is it possible to use if() ... else statements on syslog-ng 3.7? I am
>>> trying to do something like.
>>>
>>> if ($value >= X)
>>>   ......
>>> else
>>>   ......
>>> --
>>> Jorge Pereira
>>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170509/46083648/attachment-0001.html>

More information about the syslog-ng mailing list