[syslog-ng] is it possible to use if() ... else statements on syslog-ng 3.7?

Scheidler, Balázs balazs.scheidler at balabit.com
Thu May 11 04:39:53 UTC 2017 

Yes, you can also combine the first two:

$(* $(/ $R_MIN 5) 5)

It would be nice to have a template function that does the padding, but
right now we dont have that. In that case it could be like this:

$(str-pad --width 2 --right --pad 0 $(* $(/ $R_MIN 5) 5))

Or something like that. A specialized template function that does exactly
this could also br useful:

$(slice $R_MIN 5)

Although the naming can be tricky (I don't think slice conveys the meaning
well enough).

Creating a simple template function is not too difficult, just look at the
basicfuncs module.

One with arguments is more difficult though.

Bazsi

On May 11, 2017 6:29 AM, "Jorge Pereira" <jpereiran at gmail.com> wrote:

> Balazs,
>
> Something like that?
>
> set("$(/ $R_MIN 5)", value("min_slice"));
> set("$(* $min_slice 5)", value("min_slice"));
> set("0${min_slice}", value("min_slice"), condition("min_slice" < "10")); #
> pad the "0"
>
>
> --
> Jorge Pereira
>
> On Wed, May 10, 2017 at 7:50 PM, Jorge Pereira <jpereiran at gmail.com>
> wrote:
>
>> Hi Balazs,
>>
>> Sorry, But I didn't get your suggestion as well. do you mind to be more
>> clearly?
>>
>> --
>> Jorge Pereira
>>
>> On Wed, May 10, 2017 at 3:42 AM, Balazs Scheidler <bazsi77 at gmail.com>
>> wrote:
>>
>>> I think we have a $(/ $R_MIN 5) template function for integer division,
>>> likewise we have multiplication as well, which you can use to achieve the
>>> same a lot easier.
>>>
>>> On May 9, 2017 19:41, "Jorge Pereira" <jpereiran at gmail.com> wrote:
>>>
>>>> My approach is:
>>>>
>>>>     rewrite {
>>>>         # e.g: 20170417/1000PM
>>>>         set("00", value("min_slice"), condition("$R_MIN" >= "0"));
>>>>         set("05", value("min_slice"), condition("$R_MIN" >= "5"));
>>>>         set("10", value("min_slice"), condition("$R_MIN" >= "10"));
>>>>         set("15", value("min_slice"), condition("$R_MIN" >= "15"));
>>>>         set("20", value("min_slice"), condition("$R_MIN" >= "20"));
>>>>         set("25", value("min_slice"), condition("$R_MIN" >= "25"));
>>>>         set("30", value("min_slice"), condition("$R_MIN" >= "30"));
>>>>         set("35", value("min_slice"), condition("$R_MIN" >= "35"));
>>>>         set("40", value("min_slice"), condition("$R_MIN" >= "40"));
>>>>         set("45", value("min_slice"), condition("$R_MIN" >= "45"));
>>>>         set("50", value("min_slice"), condition("$R_MIN" >= "50"));
>>>>         set("55", value("min_slice"), condition("$R_MIN" >= "55"));
>>>>
>>>>         # final macro
>>>>         set("${YEAR}${MONTH}${DAY}-${HOUR12}${min_slice}${AMPM}",
>>>> value("logfmt_file"));
>>>>         set("${YEAR}${MONTH}${DAY}/${HOUR12}${min_slice}${AMPM}",
>>>> value("logfmt_dir"));
>>>>     };
>>>>
>>>> --
>>>> Jorge Pereira
>>>>
>>>> On Tue, May 9, 2017 at 4:00 AM, James Elstone <james at elstone.net>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Are multiple channel{} commands processed in parallel or sequentially?
>>>>>
>>>>> Kr,
>>>>>
>>>>> James
>>>>>
>>>>>
>>>>> On 9 May 2017 07:20:05 BST, "Scheidler, Balázs" <
>>>>> balazs.scheidler at balabit.com> wrote:
>>>>>>
>>>>>> This is possible, but with quite ugly syntax. I always wanted to add
>>>>>> some syntactic sugar, but never got around to do it.
>>>>>>
>>>>>> It looks like this:
>>>>>>
>>>>>> junction {
>>>>>>    channel {
>>>>>>        # if, with conditions specified as filters
>>>>>>        filter { whatever... };
>>>>>>        destination { whatever };
>>>>>>        flags(final);
>>>>>>     };
>>>>>>     channel {
>>>>>>        # else, you can add filters as well
>>>>>>        destination { something else };
>>>>>>        flags(final);
>>>>>>     };
>>>>>> };
>>>>>>
>>>>>> The key parts:
>>>>>> * This can be embedded to any log statement as it is
>>>>>> * It uses inline filters and destinations, but you can use other
>>>>>> definitions by using simple parens instead of braces.
>>>>>> * flags final which causes processing to be stopped at the first
>>>>>> match. Without that, you'd be duplicating messages, if the conditions
>>>>>> overlap.
>>>>>> * You can add any number of channels, you are not limited to one
>>>>>> if/else construct. It is more like a filter based switch with multple
>>>>>> potential branches.
>>>>>>
>>>>>> Hope this helps,
>>>>>>
>>>>>>
>>>>>> On May 9, 2017 01:03, "Jorge Pereira" <jpereiran at gmail.com> wrote:
>>>>>>
>>>>>>> Ops! The documentation explaining only to use with templates.
>>>>>>>
>>>>>>> Basically, I am looking for how to do the below pseudo-code.
>>>>>>>
>>>>>>>     destination {
>>>>>>>         if ($R_MIN >= 0 && $R_MIN < 30)
>>>>>>>             file("/path/file_00m-15m.log");
>>>>>>>         else
>>>>>>>             file("/path/file_30m-60m.log");
>>>>>>>         endif()
>>>>>>>     };
>>>>>>>
>>>>>>> p.s: I need to save the logs in chunks of 30 minutes being 00m-30m &
>>>>>>> 31m-60m
>>>>>>>
>>>>>>> --
>>>>>>> Jorge Pereira
>>>>>>>
>>>>>>> On Mon, May 8, 2017 at 7:52 PM, Jorge Pereira <jpereiran at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> never mind, I found it.
>>>>>>>>
>>>>>>>> https://www.balabit.com/documents/syslog-ng-ose-latest-guide
>>>>>>>> s/en/syslog-ng-ose-guide-admin/html/reference-template-funct
>>>>>>>> ions.html
>>>>>>>>
>>>>>>>> --
>>>>>>>> Jorge Pereira
>>>>>>>>
>>>>>>>> On Mon, May 8, 2017 at 7:46 PM, Jorge Pereira <jpereiran at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> hi team,
>>>>>>>>> is it possible to use if() ... else statements on syslog-ng 3.7? I
>>>>>>>>> am trying to do something like.
>>>>>>>>>
>>>>>>>>> if ($value >= X)
>>>>>>>>>   ......
>>>>>>>>> else
>>>>>>>>>   ......
>>>>>>>>> --
>>>>>>>>> Jorge Pereira
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> ____________________________________________________________
>>>>>>> __________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation: http://www.balabit.com/support
>>>>>>> /documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> --
>>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>>
>>>>> ____________________________________________________________
>>>>> __________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation: http://www.balabit.com/support
>>>>> /documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>
>>>> ____________________________________________________________
>>>> __________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation: http://www.balabit.com/support
>>>> /documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170511/fa5f8887/attachment.html>

More information about the syslog-ng mailing list