[syslog-ng] is it possible to use if() ... else statements on syslog-ng 3.7?

Jorge Pereira jpereiran at gmail.com
Tue May 9 17:40:42 UTC 2017 

My approach is:

    rewrite {
        # e.g: 20170417/1000PM
        set("00", value("min_slice"), condition("$R_MIN" >= "0"));
        set("05", value("min_slice"), condition("$R_MIN" >= "5"));
        set("10", value("min_slice"), condition("$R_MIN" >= "10"));
        set("15", value("min_slice"), condition("$R_MIN" >= "15"));
        set("20", value("min_slice"), condition("$R_MIN" >= "20"));
        set("25", value("min_slice"), condition("$R_MIN" >= "25"));
        set("30", value("min_slice"), condition("$R_MIN" >= "30"));
        set("35", value("min_slice"), condition("$R_MIN" >= "35"));
        set("40", value("min_slice"), condition("$R_MIN" >= "40"));
        set("45", value("min_slice"), condition("$R_MIN" >= "45"));
        set("50", value("min_slice"), condition("$R_MIN" >= "50"));
        set("55", value("min_slice"), condition("$R_MIN" >= "55"));

        # final macro
        set("${YEAR}${MONTH}${DAY}-${HOUR12}${min_slice}${AMPM}",
value("logfmt_file"));
        set("${YEAR}${MONTH}${DAY}/${HOUR12}${min_slice}${AMPM}",
value("logfmt_dir"));
    };

--
Jorge Pereira

On Tue, May 9, 2017 at 4:00 AM, James Elstone <james at elstone.net> wrote:

> Hi,
>
> Are multiple channel{} commands processed in parallel or sequentially?
>
> Kr,
>
> James
>
>
> On 9 May 2017 07:20:05 BST, "Scheidler, Balázs" <
> balazs.scheidler at balabit.com> wrote:
>>
>> This is possible, but with quite ugly syntax. I always wanted to add some
>> syntactic sugar, but never got around to do it.
>>
>> It looks like this:
>>
>> junction {
>>    channel {
>>        # if, with conditions specified as filters
>>        filter { whatever... };
>>        destination { whatever };
>>        flags(final);
>>     };
>>     channel {
>>        # else, you can add filters as well
>>        destination { something else };
>>        flags(final);
>>     };
>> };
>>
>> The key parts:
>> * This can be embedded to any log statement as it is
>> * It uses inline filters and destinations, but you can use other
>> definitions by using simple parens instead of braces.
>> * flags final which causes processing to be stopped at the first match.
>> Without that, you'd be duplicating messages, if the conditions overlap.
>> * You can add any number of channels, you are not limited to one if/else
>> construct. It is more like a filter based switch with multple potential
>> branches.
>>
>> Hope this helps,
>>
>>
>> On May 9, 2017 01:03, "Jorge Pereira" <jpereiran at gmail.com> wrote:
>>
>>> Ops! The documentation explaining only to use with templates.
>>>
>>> Basically, I am looking for how to do the below pseudo-code.
>>>
>>>     destination {
>>>         if ($R_MIN >= 0 && $R_MIN < 30)
>>>             file("/path/file_00m-15m.log");
>>>         else
>>>             file("/path/file_30m-60m.log");
>>>         endif()
>>>     };
>>>
>>> p.s: I need to save the logs in chunks of 30 minutes being 00m-30m &
>>> 31m-60m
>>>
>>> --
>>> Jorge Pereira
>>>
>>> On Mon, May 8, 2017 at 7:52 PM, Jorge Pereira <jpereiran at gmail.com>
>>> wrote:
>>>
>>>> never mind, I found it.
>>>>
>>>> https://www.balabit.com/documents/syslog-ng-ose-latest-guide
>>>> s/en/syslog-ng-ose-guide-admin/html/reference-template-functions.html
>>>>
>>>> --
>>>> Jorge Pereira
>>>>
>>>> On Mon, May 8, 2017 at 7:46 PM, Jorge Pereira <jpereiran at gmail.com>
>>>> wrote:
>>>>
>>>>> hi team,
>>>>> is it possible to use if() ... else statements on syslog-ng 3.7? I am
>>>>> trying to do something like.
>>>>>
>>>>> if ($value >= X)
>>>>>   ......
>>>>> else
>>>>>   ......
>>>>> --
>>>>> Jorge Pereira
>>>>>
>>>>
>>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=
>>> syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170509/6e64f3ab/attachment.html>

More information about the syslog-ng mailing list