[syslog-ng] Syslog-ng 3.4.5 support question

mukesh kumar mkkumar20 at gmail.com
Sun Feb 7 12:42:00 UTC 2021


Hi Attila,

Thank you for your reply. We are using this type of if-else condition in
patterndb XML and want to know if there is any documentation available for
implementing other types of conditions as well.

<rules>
  <rule id="xyz-3735951352" class="xyz">
    <patterns>
      <pattern>@ESTRING::"[@@ESTRING:tmp.day:/@@ESTRING:tmp.month:/@@ESTRING:tmp.year::@@PCRE:tmp.time:\d{1,2}:\d{1,2}:\d{1,2}@ @ESTRING:timezone:]@"@ESTRING:tmp.dstport: @</pattern>
    </patterns>
    <values>
      <value name="metaclass">xyz</value>
      <!-- "-" in the port field is replaced with 0 -->
      <value name="dstport">$(if ("${tmp.dstport}" != "-") ${tmp.dstport} 0)</value>
      <!-- nested $(if): "Jan"/"jan" to 01 ... "Dec"/"dec" to 12, otherwise ${tmp.month} unchanged -->
      <value name="requesttime">${tmp.year}-$(if ("${tmp.month}" == "Jan") 01 $(if ("${tmp.month}" == "jan") 01 $(if ("${tmp.month}" == "Feb") 02 $(if ("${tmp.month}" == "feb") 02 $(if ("${tmp.month}" == "Mar") 03 $(if ("${tmp.month}" == "mar") 03 $(if ("${tmp.month}" == "Apr") 04 $(if ("${tmp.month}" == "apr") 04 $(if ("${tmp.month}" == "May") 05 $(if ("${tmp.month}" == "may") 05 $(if ("${tmp.month}" == "Jun") 06 $(if ("${tmp.month}" == "jun") 06 $(if ("${tmp.month}" == "Jul") 07 $(if ("${tmp.month}" == "jul") 07 $(if ("${tmp.month}" == "Aug") 08 $(if ("${tmp.month}" == "aug") 08 $(if ("${tmp.month}" == "Sep") 09 $(if ("${tmp.month}" == "sep") 09 $(if ("${tmp.month}" == "Oct") 10 $(if ("${tmp.month}" == "oct") 10 $(if ("${tmp.month}" == "Nov") 11 $(if ("${tmp.month}" == "nov") 11 $(if ("${tmp.month}" == "Dec") 12 $(if ("${tmp.month}" == "dec") 12 ${tmp.month}))))))))))))))))))))))))-${tmp.day} ${tmp.time}</value>
    </values>
  </rule>
</rules>

Thanks,
Mukesh Kumar

On Mon, Feb 1, 2021 at 2:06 PM Attila Szakacs (aszakacs) <
Attila.Szakacs at oneidentity.com> wrote:

> Hi Mukesh,
>
> You cannot use if-else or for loops in patterndb; you can only set pattern
> matching rules to classify the incoming log messages.
>
> The oldest Admin Guide I have found is for 3.5:
> https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition/3.5
> Chapter 13 is about patterndb.
>
> Can you tell us your use case? What do you want to achieve by using
> if-else and for loops in the patterndb XML?
>
> Cheers,
> Attila
> ------------------------------
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> mukesh kumar <mkkumar20 at gmail.com>
> *Sent:* Monday, February 1, 2021 6:50 AM
> *To:* syslog-ng-owner at lists.balabit.hu <syslog-ng-owner at lists.balabit.hu>;
> syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
> *Subject:* [syslog-ng] Syslog-ng 3.4.5 support question
>
> Hi,
>
> We are using syslog-ng version 3.4.5, and we are using it to utilize
> patterndb. We are not looking for a bug fix but are using it just for all
> the different ways we can use the patterndb XML. Please provide me with
> info on things such as IF and ELSE statements and for loops in the XML file.
>
> Thanks,
> Mukesh Kumar
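The rule quoted in the message above, modelled in Python so its output can be checked offline. This is an added example, not code from the thread or from syslog-ng. The function names, the `wellformed` field and the sample lines are assumptions made for illustration, the mail-wrapped break in the pattern is read as a single space, and the `==` tests are assumed to compare as strings.

```python
import re
from datetime import datetime
# The rule's <pattern> as ordered steps (hypothetical model, not syslog-ng code):
#   ("E", name, delim) models @ESTRING:name:delim@: capture up to delim, then skip it
#   ("P", name, regex) models @PCRE:name:regex@; ("L", None, text) is literal text
PATTERN = [
    ("E", None, '"['), ("E", "tmp.day", "/"), ("E", "tmp.month", "/"),
    ("E", "tmp.year", ":"), ("P", "tmp.time", r"\d{1,2}:\d{1,2}:\d{1,2}"),
    ("L", None, " "), ("E", "timezone", "]"), ("L", None, '"'), ("E", "tmp.dstport", " "),
]
# Only the two spellings the rule tests per month ("Jan" and "jan", and so on).
NAMES = "jan feb mar apr may jun jul aug sep oct nov dec".split()
MONTH_NUM = {s: f"{i:02d}" for i, m in enumerate(NAMES, 1) for s in (m, m.capitalize())}
# Constructed sample lines, not taken from the thread.
SAMPLES = ['10.0.0.5 "[07/Feb/2021:12:42:00 +0000]"443 GET /',
           '10.0.0.5 "[7/FEB/2021:1:2:3 +0000]"- GET /']

def match(line):  # captured fields, or None if the line does not fit the pattern
    pos, fields = 0, {}
    for kind, name, arg in PATTERN:
        if kind == "E":
            end = line.find(arg, pos)
            if end < 0:
                return None
            value, pos = line[pos:end], end + len(arg)
        elif kind == "P":
            m = re.compile(arg).match(line, pos)
            if m is None:
                return None
            value, pos = m.group(), m.end()
        else:
            if not line.startswith(arg, pos):
                return None
            value, pos = None, pos + len(arg)
        if name:
            fields[name] = value
    return fields

def normalize(line):  # the rule's <values>: month name to number, "-" port to 0
    f = match(line)
    if f is None:
        return None
    month = MONTH_NUM.get(f["tmp.month"], f["tmp.month"])  # other spellings pass through
    stamp = f"{f['tmp.year']}-{month}-{f['tmp.day']} {f['tmp.time']}"
    try:  # the pass-through branch can leave a timestamp that does not parse
        datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        ok = True
    except ValueError:
        ok = False
    return {"metaclass": "xyz", "requesttime": stamp, "wellformed": ok,
            "dstport": f["tmp.dstport"] if f["tmp.dstport"] != "-" else "0"}
```

The second sample uses `FEB`, a spelling the rule does not list, so `requesttime` keeps the month name and `wellformed` is false.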

