$.dev1IP = 192.168.1.1;
$.dev2IP = 192.168.1.2;
$.dev3IP = 192.168.1.3;
set $.sourceIP = $fromhost-ip;
*set $.sourceTag = "";*
*template(name="temp1" type="string"
string="/path/to/logDir/%.sourceIP%/%.sourceIP%.%.sourceTag%.log")*
*ruleset(name="rules1") {*
if ($.sourceIP == $.dev1IP) then {
* set $.sourceTag = "tag1";*
do something
} else if ($.sourceIP == $.dev2IP) then {
*set $.sourceTag = "tag2";*
do something
} else if ($.sourceIP == $.dev3IP) then {
*set $.sourceTag = "tag3";*
do something
} else {
do something if nothing else matches
}
*action(type="omfile" dynaFile="temp1")*
*}*
This is a more complete code block to show how I know it's not working. I
have logs coming in from those IP addresses but the dynamic file generated
is named "192.168.1.1..log" when instead it should be named
"192.168.1.1.tag1.log".
Running "rsyslogd -N1 -f /etc/rsyslog.conf" results in no errors.
On Wed, May 13, 2020 at 10:23 AM Rainer Gerhards <[email protected]>
wrote:
> > I have multiple devices sending logs to a central logging server and
> these
> > all sends logs in a somewhat different way, therefore I have different
> sets
> > of filters for each of these devices. The idea I had was to set variables
> > at the top of the configuration with the IP addresses for these devices
> and
> > then have a ruleset that would compare the source IP address of the
> message
> > and apply these rules under if statement blocks. Something like this:
> >
> > $.dev1IP = 192.168.1.1;
> > $.dev2IP = 192.168.1.2;
> > $.dev3IP = 192.168.1.3;
> >
> > $.sourceIP = $fromhost-ip;
> >
> > if ($.sourceIP == $.dev1IP) then {
> > do something
> > } else if ($.sourceIP == $.dev2IP) then {
> > do something
> > } else if ($.sourceIP == $.dev3IP) then {
> > do something
> > } else {
> > do something if nothing else matches
> > }
> >
> > The issue is that the above is currently not working.
>
> What does "not working" mean precisely? Is there an error message? Is
> the result other than expected?
>
> Rainer
>
> > Am I using the wrong
> > comparator? I tried using "isequal" but that didn't work either. Can I
> even
> > do what I'm trying to do? What really confuses me is that I tried doing
> the
> > values themselves in the if statement, but that didn't work either.
> >
> > Thanks,
> > ABB
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
