[syslog-ng] is it possible to use if() ... else statements on syslog-ng 3.7?

Balazs Scheidler bazsi77 at gmail.com
Wed May 10 06:42:33 UTC 2017


I think we have a $(/ $R_MIN 5) template function for integer division;
likewise we have multiplication as well, which you can use to achieve the
same a lot more easily.

On May 9, 2017 19:41, "Jorge Pereira" <jpereiran at gmail.com> wrote:

> My approach is:
>
>     rewrite {
>         # e.g: 20170417/1000PM
>         set("00", value("min_slice"), condition("$R_MIN" >= "0"));
>         set("05", value("min_slice"), condition("$R_MIN" >= "5"));
>         set("10", value("min_slice"), condition("$R_MIN" >= "10"));
>         set("15", value("min_slice"), condition("$R_MIN" >= "15"));
>         set("20", value("min_slice"), condition("$R_MIN" >= "20"));
>         set("25", value("min_slice"), condition("$R_MIN" >= "25"));
>         set("30", value("min_slice"), condition("$R_MIN" >= "30"));
>         set("35", value("min_slice"), condition("$R_MIN" >= "35"));
>         set("40", value("min_slice"), condition("$R_MIN" >= "40"));
>         set("45", value("min_slice"), condition("$R_MIN" >= "45"));
>         set("50", value("min_slice"), condition("$R_MIN" >= "50"));
>         set("55", value("min_slice"), condition("$R_MIN" >= "55"));
>
>         # final macro
>         set("${YEAR}${MONTH}${DAY}-${HOUR12}${min_slice}${AMPM}", value("logfmt_file"));
>         set("${YEAR}${MONTH}${DAY}/${HOUR12}${min_slice}${AMPM}", value("logfmt_dir"));
>     };
>
> --
> Jorge Pereira
>
> On Tue, May 9, 2017 at 4:00 AM, James Elstone <james at elstone.net> wrote:
>
>> Hi,
>>
>> Are multiple channel{} commands processed in parallel or sequentially?
>>
>> Kr,
>>
>> James
>>
>>
>> On 9 May 2017 07:20:05 BST, "Scheidler, Balázs" <
>> balazs.scheidler at balabit.com> wrote:
>>>
>>> This is possible, but with quite ugly syntax. I always wanted to add
>>> some syntactic sugar, but never got around to doing it.
>>>
>>> It looks like this:
>>>
>>> junction {
>>>     channel {
>>>         # if, with conditions specified as filters
>>>         filter { whatever... };
>>>         destination { whatever };
>>>         flags(final);
>>>     };
>>>     channel {
>>>         # else, you can add filters as well
>>>         destination { something else };
>>>         flags(final);
>>>     };
>>> };
>>>
>>> The key parts:
>>> * This can be embedded in any log statement as it is
>>> * It uses inline filters and destinations, but you can use other
>>> definitions by using simple parens instead of braces.
>>> * flags(final), which causes processing to be stopped at the first match.
>>> Without that, you'd be duplicating messages if the conditions overlap.
>>> * You can add any number of channels, you are not limited to one if/else
>>> construct. It is more like a filter-based switch with multiple potential
>>> branches.
>>>
>>> Hope this helps,
>>>
>>>
>>> On May 9, 2017 01:03, "Jorge Pereira" <jpereiran at gmail.com> wrote:
>>>
>>>> Oops! The documentation only explains how to use it with templates.
>>>>
>>>> Basically, I am looking for how to do the below pseudo-code.
>>>>
>>>>     destination {
>>>>         if ($R_MIN >= 0 && $R_MIN < 30)
>>>>             file("/path/file_00m-15m.log");
>>>>         else
>>>>             file("/path/file_30m-60m.log");
>>>>         endif()
>>>>     };
>>>>
>>>> p.s: I need to save the logs in chunks of 30 minutes being 00m-30m &
>>>> 31m-60m
>>>>
>>>> --
>>>> Jorge Pereira
>>>>
>>>> On Mon, May 8, 2017 at 7:52 PM, Jorge Pereira <jpereiran at gmail.com>
>>>> wrote:
>>>>
>>>>> never mind, I found it.
>>>>>
>>>>> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-template-functions.html
>>>>>
>>>>> --
>>>>> Jorge Pereira
>>>>>
>>>>> On Mon, May 8, 2017 at 7:46 PM, Jorge Pereira <jpereiran at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> hi team,
>>>>>> is it possible to use if() ... else statements on syslog-ng 3.7? I am
>>>>>> trying to do something like.
>>>>>>
>>>>>> if ($value >= X)
>>>>>>   ......
>>>>>> else
>>>>>>   ......
>>>>>> --
>>>>>> Jorge Pereira
>>>>>>
>>>>>
>>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>
>
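
The two suggestions in this thread put together, as an added example that is not part of the original messages: a junction acting as if/else for the 30-minute split asked about, and the integer-division template function replacing the twelve set() rules for 5-minute slices. The source name `s_local`, the destination name `d_slices` and all paths are assumptions; the computed slice is not zero-padded (0, 5, 10, ...).

```conf
@version: 3.7

# Assumed local source; replace with the source your logs arrive on.
source s_local { system(); internal(); };

# 5-minute slices without one rule per slice: integer division drops the
# remainder and multiplying back gives the slice start (37 -> 7 -> 35).
destination d_slices {
    file("/var/log/slices/${R_YEAR}${R_MONTH}${R_DAY}/${R_HOUR}-$(* $(/ $R_MIN 5) 5).log"
         create-dirs(yes));
};

log {
    source(s_local);

    # Every message is written to its 5-minute slice first ...
    destination(d_slices);

    # ... and then routed by the if/else junction into 30-minute halves.
    junction {
        channel {
            # "if": minutes 0-29. The numeric operators (<, >=) are used here;
            # the string operators (lt, ge) would compare "5" and "30" as text.
            filter { "$R_MIN" < "30" };
            destination {
                file("/var/log/split/${R_YEAR}${R_MONTH}${R_DAY}-${R_HOUR}-00m-30m.log"
                     create-dirs(yes));
            };
            flags(final);
        };
        channel {
            # "else": no filter, so it takes whatever the first channel did not.
            destination {
                file("/var/log/split/${R_YEAR}${R_MONTH}${R_DAY}-${R_HOUR}-30m-60m.log"
                     create-dirs(yes));
            };
            flags(final);
        };
    };
};
```

Running `syslog-ng --syntax-only -f <file>` against the configuration checks that it parses before it is deployed.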

