Hi all, I have a setup where a Linux box receives syslogs from multiple
sources, filters them and then forwards the resulting lines to a remote
storage.
Everything works as intended, I'm just trying to make it easier for the
occasional sysadmin to add new sources and new filters.
E.g., I have a lot of rulesets similar to:
ruleset( name="rs__windows_event_log_as_syslog__filterByAdmin" ) {
    if ( $msg contains [ "admname1" , "admname2" .... , "Administrator" ] )
    then { call sendToLogserver }
    stop
}
As you can see, the list of people to filter is hardcoded in the config
files.
My idea is:
set $.admin = ["this","that" ..... ]
ruleset( name="rs__windows_event_log_as_syslog__filterByAdmin" ) {
    if ( $msg contains $.admin ) then { call sendToLogserver }
    stop
}
but it doesn't seem to work (obviously I'll move the variable definition into a
file by itself, and/or with other similar definitions).
syslogd -N1 is happy, but it seems like the "value" (right of the comparison)
can only be a string between two " .
Is that right? Is there a way to accomplish this (parametrize the comparison
with dynamic variables)?
Thanks (and sorry for the bad English)
Arcre
--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
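
Added example (not part of the original post, and not rsyslog project code): one way to let an occasional sysadmin maintain the name list without touching the ruleset is to generate the hardcoded-array form, which the post says already works, from a plain one-name-per-line file. The list format, the function names and the character allowlist are assumptions made for this sketch; names that could break out of the quoted string are rejected rather than escaped.

```python
import re

# Assumed allowlist: quotes, backslashes, brackets, '$' and whitespace could
# close the string or the array in the generated config, so they are refused.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def load_names(text):
    """Parse a one-name-per-line list; blank lines and '#' comments are skipped."""
    names = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        name = raw.split("#", 1)[0].strip()
        if not name:
            continue
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"line {lineno}: unsafe name {name!r}")
        if name not in names:  # drop duplicates, keep first-seen order
            names.append(name)
    if not names:
        raise ValueError("empty name list")
    return names


def render_ruleset(ruleset, names, target="sendToLogserver"):
    """Render the ruleset in the same shape as the hardcoded one in the post."""
    array = ", ".join(f'"{n}"' for n in names)
    return (
        f'ruleset( name="{ruleset}" ) {{\n'
        f'    if ( $msg contains [ {array} ] ) then {{ call {target} }}\n'
        f'    stop\n'
        f'}}\n'
    )


# Constructed sample list, using the names that appear in the post.
SAMPLE = """\
# admins whose events are forwarded
admname1
admname2   # second admin
Administrator
"""

if __name__ == "__main__":
    rs = "rs__windows_event_log_as_syslog__filterByAdmin"
    print(render_ruleset(rs, load_names(SAMPLE)), end="")
```

The generated text is meant to be written to its own config file and checked with the -N1 config test mentioned in the post before the daemon is reloaded.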