[syslog-ng] Abort message processing - multiple includes

Tue Nov 19 10:31:39 UTC 2019

Hi!

Good Lord, I think I just found the answer to my question in the 
Documentation :-/ :-)

"This default behavior can be changed using the flags() parameter. Flags 
apply to individual log paths, they are not global options. "

Therefore I think the final breaks out of the log-processing of the actual 
log-directive, but others "matching" will processed

Argh... think I have to cat some of my config-files together...

Sorry for "spamming" :-)

cheers
Matthias

P.S. If I am wrong, please correct me (hope dies last ;->)

------------------------------------------------------------------------------------
METZLER 
Informationstechnologie

Matthias Gruber 
IT-Infrastruktur & -Betrieb

B. Metzler seel. Sohn & Co.
Kommanditgesellschaft auf Aktien
Untermainanlage 1
60329 Frankfurt am Main
Telefon (0 69) 21 04 - 43 30
Telefax (0 69) 21 04 - 40 40
MGruber at metzler.com
www.metzler.com

Von:    Matthias Gruber/METZLER
An:     "Syslog-ng users' and developers' mailing list" 
<syslog-ng at lists.balabit.hu>
Datum:  19.11.2019 08:54
Betreff:        Abort message processing - multiple includes

Hi!

Perhaps I misunderstood it, or got a bit crossed up, because I dig into 
syslog-ng-Configs since weeks, but I  am unsure about the "flags(final)" 
statement

I have several includes with several log-statements and several sources

e.g.  (no runnable syntax, only for demonstration-purpose)

0001-A.conf
log {
        source(s_tcp_A);
        filter(f_filter_A);
        destination(d_somewhere_A);
        flags(final);
};

0002-B.conf
log {
        source(s_tcp_A);
        destination(d_somewhere_BBB);
        flags(final);
};

As I understand it, first of all, its included in "alphabetical order", so 
in my case first 0001-A.conf, then 0002-B.conf and so on.... 

But now my "Problem" and question

(Yes I would normally do a "if"-Construct to solve that, problem above, 
but I used that example to understand the flags(final),)

If I have a message received by s_tcp_A, filter f_filter_A hits, the rule 
sends it to d_somewhere_A and do a "Escape" cause of flags(final), does 
the message still got processes by the include of 0002-B.conf??
Does the flags(final) is only relevant for one "log-rule", or does it ends 
the whole processing?

To be honest, I habe several includes, and a "last" one, which is imported 
last, with a "hit"-all, in my childish thought, if the flags(final) stopps 
processing of the message compleetly this hit-all only gets "the junk" 
where nothing else hists. Why do I do that, and not write it in one file 
with a large if-elif-else-construct, I do that for the readability since 
this file would be extremly large.

I am thankfull for any help

cheers
Matthias

------------------------------------------------------------------------------------
METZLER 
Informationstechnologie

Matthias Gruber 
IT-Infrastruktur & -Betrieb

B. Metzler seel. Sohn & Co.
Kommanditgesellschaft auf Aktien
Untermainanlage 1
60329 Frankfurt am Main
Telefon (0 69) 21 04 - 43 30
Telefax (0 69) 21 04 - 40 40
MGruber at metzler.com
www.metzler.com

Persönlich haftende Gesellschafter: Harald Illy, Michael Klaus, Friedrich von Metzler, Emmerich Müller, Gerhard Wiesheu
Vorsitzender des Aufsichtsrats: Dr. Christoph Schücking
Sitz der Gesellschaft: Frankfurt am Main, Handelsregister-Nr. HRB 27 515

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfänger sein, so bitten wir Sie höflich, dies unverzüglich dem Absender mitzuteilen und die Nachricht zu löschen. Es ist unzulässig, die Nachricht unbefugt weiterzuleiten oder zu kopieren. Da wir nicht die Echtheit oder Vollständigkeit der in dieser Nachricht enthaltenen Informationen garantieren oder zusichern können, sind die vorstehenden Ausführungen rechtlich nicht bindend. Eine Haftung hierfür wird ausgeschlossen.
This message is confidential. If you are not the intended recipient, we kindly ask you to inform the sender and delete the information. Any unauthorised dissemination or copying hereof is prohibited. As we cannot guarantee or assure the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. Accordingly we cannot accept any liability for their contents.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20191119/c0923c88/attachment.html>