[syslog-ng] Multiple log statements vs If/else

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Thu May 9 12:58:50 UTC 2019


I can understand that; however, if you’re trying to convert YAML into a log path, it would be hard to do if/else dynamically. I am curious about how the declaration order matters. My understanding is that each message will be evaluated for a match on each log statement in the order that they appear in the file, and only when it hits a log statement with a final flag will it stop attempting to match. Is that correct?

Thanks,
-Mark

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Nagy, Gábor
Sent: Thursday, May 9, 2019 6:25 AM
To: wernli at in2p3.fr; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Multiple log statements vs If/else

Hi,

> The if/then/else control is much more readable, and I believe it was
> implemented for that reason. That being said, you can achieve the same
> behaviour with multiple log paths + flags, or embedded log paths and
> channels/junctions. Be aware however that in the former, declaration order
> matters.

Yes, that's correct.
We prefer using if-elif statements instead of using junction/channels with final flags (because if-elif are basically just that) for convenience.
In if-elif statements there is even some flexibility you can configure (what should be used for the conditional expression); for details let me link our Admin guide:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.20/administration-guide/51#TOPIC-1121970

Regards,
Gabor

On Thu, May 9, 2019 at 9:18 AM Fabien Wernli <wernli at in2p3.fr> wrote:
Hi,

On Wed, May 08, 2019 at 01:28:46PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> I was thinking about trying to build a configuration specific for an app from a Jinja2 template in Ansible and it seems like to me that if they aren't different it would be easier to do multiple log statements if generated dynamically.

The if/then/else control is much more readable, and I believe it was
implemented for that reason. That being said, you can achieve the same
behaviour with multiple log paths + flags, or embedded log paths and
channels/junctions. Be aware however that in the former, declaration order
matters.
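
The two forms discussed in this thread, side by side, as an added example that is not from any of the posters or from the syslog-ng project. The source, destination and filter names and the file paths are constructed for illustration.

```conf
@version: 3.20
@include "scl.conf"

# Constructed objects: s_local, d_ssh, d_sudo, d_other, f_ssh, f_sudo.
source s_local { system(); internal(); };

destination d_ssh   { file("/var/log/example/ssh.log"); };
destination d_sudo  { file("/var/log/example/sudo.log"); };
destination d_other { file("/var/log/example/other.log"); };

filter f_ssh  { program("sshd"); };
filter f_sudo { program("sudo"); };

# Form 1: a single log path with if/elif/else.
# Exactly one branch runs per message; the branch order is visible
# inside the one statement.
log {
    source(s_local);
    if (program("sshd")) {
        destination(d_ssh);
    } elif (program("sudo")) {
        destination(d_sudo);
    } else {
        destination(d_other);
    };
};

# Form 2: separate log statements with flags(final).
# Use INSTEAD of Form 1; loading both writes every message twice.
# Statements are tried top to bottom. A message that matches a
# statement carrying flags(final) is not passed to later statements.
# The catch-all must stay last: if it is moved to the top, sshd and
# sudo messages are also written to other.log before their own
# statements are reached.
#
# log { source(s_local); filter(f_ssh);  destination(d_ssh);  flags(final); };
# log { source(s_local); filter(f_sudo); destination(d_sudo); flags(final); };
# log { source(s_local); destination(d_other); };
```

When such statements are generated from a template, the order of the rendered output is what decides the routing, so the rule list fed to the template has to be ordered and the catch-all emitted last.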
