Hi
Combined threads reply follow.
On Thu, 1 Dec 2016, David Lang wrote
sigh, this is getting a wee bit frustrating, you keep saying "it hurts
when I do X", we say "that doesn't work well, do Y" and you come back
a day or so later saying "but it really huts when I do X"... (it
doesn't help when we ask you to provide information and you instead
spend hours trying other things)
I understand you better than you think. I'm the pupil you never wanted.
Said so, in my defense, I would say I am testing the /Y/ things too.
now that I have expressed my frustration, you are finding bugs,
helping to fix them, and raising some good questions along the way.
Just understand why once in a while our answers seem a bit curt.
Don't worry. I understand it but I'm learning a lot along the way!. You
are having A LOT of patience and being really kind and very instructive.
while I can see the use cases for "call $.var", what would you do if
you call a ruleset that doesn't exist? you would first have to do 'if
$.var == [array of legal values] then' to be safe.
Sure, something like if $!var exists then { call $!var } (one if
statement vs many)
1. just a bunch of if statements
performance cost of doing a bunch of if tests
easy to include additional tests from a directory of files
That's my best option so far.
2/3. if then else if...
This saves up to 199 if's. Would this be noticiable?
4. switch statement
This seems interesting...
5. variable call statements
what to do if called ruleset doesn't exist?
I'm screwed
6. function lookup tables
This is the Nth time you mention those...start to think I *really* need
to start messing with them.
I think that with elsif, the need for switch (#4) is low, and the
restrictions of it only doing simple equivalence tests (no startswith,
contains, etc) really limit it's use
Totally agree.
call var (#5) seems easy to implement, but I really don't like opening
up the problem of calling a non-existant ruleset. We could have it
silently do nothing, but that gets really messy and I am already
cringing at the troubleshooting exhanges we will have to help people
figure out what is/isn't happeing.
Is there a *exists* statement? (eg: /if exists "object-name" then/)
function pointers are by far the most complicated, and since they
include ruleset parsing after startup, they have the potential to be
really ugly to implement. On the other hand, they are also by far the
most powerful. If we could do things like limiting the functions so
that they can't do any of the startup-type things[1] and only include
statements that are normally executed for each log type, this would
also give us a back-door way of providing the dynamic configuration
that many people have been asking for.
"Limiting the functions" sounds too /patchy/ for me.
On Thu, 1 Dec 2016, David Lang wrote
if <condition> then {
set common things
}
$includeconfig /etc/rsyslog.d/apps.d/*.conf
else {
unknown app
}
in each of the apps.d/*.conf files do
else if <condition> then {
stuff
}
This is what I had in mind.
(as an optimization, make the most common apps the earliest in the
directory)
Loved alphabetical order, but now I understand why this is better.
On Fri, 2 Dec 2016, Rainer Gerhards wrote
What exactly do you do with the variables you set inside the if body?
Are they always the same? Where does the data originate from?
I try to understand the scenario better, because I vaguely think I may
be able to find a much simpler solution which would require possible
minimal code changes. But I can't express myself clearer at the
moment, it's more a gut feeling.
It would be good if you could post some *concrete* example of three or
four of the if blocks, that would definitely aid understanding.
As David said, I would love having separated config files for each app to:
1. normalize
2. define this application pipeline (after normalization, invoke geoip,
add some fields to JSON...)
3. index or drop messages at app criterion.
Main config would be some common routines (like index)+combined app.conf
files.
On Fri, 2 Dec 2016, David Lang wrote
if the liblognorm ruleset ammend=: line could assign variable
contents, not just constant strings, it would address 90% of the issues.
It would let me add/remove/edit fields. Other things, like geoip
tagging, should still be made manually (I guess)
On Fri, 2 Dec 2016, Rainer Gerhards wrote
Nothing I can do immediately, but can you pls open an issue tracker
with some explanation (copy&paste?) on liblognorm. I have planned time
early next year to work on enhancements and this would fit in.
Music to my ears
Thank you both a lot for you replies.
Not only learning a lot, but feeling in debt with you, reason why I'm
contributing as much as I can in the most ways I'm able.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
