Actually when I rename the string as *string="/path/to/logDir/$.sourceIP/$.sourceIP.$.sourceTag.log"*
then these are printed literally. After applying that change now there is a path called exactly as the above, not as the values the variables hold. Only when I treat them as properties do they work as expected.

On Wed, May 13, 2020 at 11:17 AM Rainer Gerhards <[email protected]> wrote:

> > $.dev1IP = 192.168.1.1;
> > $.dev2IP = 192.168.1.2;
> > $.dev3IP = 192.168.1.3;
> >
> > set $.sourceIP = $fromhost-ip;
> > set $.sourceTag = "";
> >
> > template(name="temp1" type="string"
> >          string="/path/to/logDir/%.sourceIP%/%.sourceIP%.%.sourceTag%.log")
>
> The problem is that ".sourceTag" is not a property, but a variable.
> You need to specify a variable with a leading dollar sign, as such
> $.sourceTag.
>
> The same is true for .sourceIP, but I guess this is a typo or some
> other unshown part in your config "fixes" the issue.
>
> Rainer
>
> > ruleset(name="rules1") {
> >     if ($.sourceIP == $.dev1IP) then {
> >         set $.sourceTag = "tag1";
> >         do something
> >     } else if ($.sourceIP == $.dev2IP) then {
> >         set $.sourceTag = "tag2";
> >         do something
> >     } else if ($.sourceIP == $.dev3IP) then {
> >         set $.sourceTag = "tag3";
> >         do something
> >     } else {
> >         do something if nothing else matches
> >     }
> >     action(type="omfile" dynaFile="temp1")
> > }
> >
> > This is a more complete code block to show how I know it's not working.
> > I have logs coming in from those IP addresses but the dynamic file
> > generated is named "192.168.1.1..log" when instead it should be named
> > "192.168.1.1.tag1.log".
> >
> > Running "rsyslogd -N1 -f /etc/rsyslog.conf" results in no errors.
> >
> >
> > On Wed, May 13, 2020 at 10:23 AM Rainer Gerhards <[email protected]> wrote:
> >>
> >> > I have multiple devices sending logs to a central logging server and these
> >> > all send logs in a somewhat different way, therefore I have different sets
> >> > of filters for each of these devices. The idea I had was to set variables
> >> > at the top of the configuration with the IP addresses for these devices and
> >> > then have a ruleset that would compare the source IP address of the message
> >> > and apply these rules under if statement blocks. Something like this:
> >> >
> >> > $.dev1IP = 192.168.1.1;
> >> > $.dev2IP = 192.168.1.2;
> >> > $.dev3IP = 192.168.1.3;
> >> >
> >> > $.sourceIP = $fromhost-ip;
> >> >
> >> > if ($.sourceIP == $.dev1IP) then {
> >> >     do something
> >> > } else if ($.sourceIP == $.dev2IP) then {
> >> >     do something
> >> > } else if ($.sourceIP == $.dev3IP) then {
> >> >     do something
> >> > } else {
> >> >     do something if nothing else matches
> >> > }
> >> >
> >> > The issue is that the above is currently not working.
> >>
> >> What does "not working" mean precisely? Is there an error message? Is
> >> the result other than expected?
> >>
> >> Rainer
> >>
> >> > Am I using the wrong
> >> > comparator? I tried using "isequal" but that didn't work either. Can I even
> >> > do what I'm trying to do? What really confuses me is that I tried doing the
> >> > values themselves in the if statement, but that didn't work either.
> >> >
> >> > Thanks,
> >> > ABB
> >> > _______________________________________________
> >> > rsyslog mailing list
> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> >> > you DON'T LIKE THAT.
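
The variable syntax discussed in this thread, written out as an added example (it is not part of the thread and not the poster's configuration): in a string template a local variable keeps its leading dollar sign and is still wrapped in percent signs, as in `%$.sourceTag%`. The imudp input, port 514, the literal IP comparisons and the "unknown" fallback tag are assumptions made for illustration, and the example does not claim to show what resolved the poster's issue.

```rsyslog
# Added example; input module, port and fallback tag are assumed values.
module(load="imudp")
input(type="imudp" port="514" ruleset="rules1")

# Local variables are referenced as %$.name% inside a string template.
# Without the percent signs the text "$.sourceIP" is copied literally
# into the file name.
template(name="temp1" type="string"
         string="/path/to/logDir/%$.sourceIP%/%$.sourceIP%.%$.sourceTag%.log")

ruleset(name="rules1") {
    # Local variables ($.) belong to the message being processed, so they
    # are set inside the ruleset that handles that message.
    set $.sourceIP = $fromhost-ip;

    if ($.sourceIP == "192.168.1.1") then {
        set $.sourceTag = "tag1";
    } else if ($.sourceIP == "192.168.1.2") then {
        set $.sourceTag = "tag2";
    } else if ($.sourceIP == "192.168.1.3") then {
        set $.sourceTag = "tag3";
    } else {
        # Assumed fallback so the file name never contains an empty tag ("..log").
        set $.sourceTag = "unknown";
    }

    # Every path component comes from the sender address or a fixed string,
    # never from message content, so a sender cannot steer the output path.
    action(type="omfile" dynaFile="temp1")
}
```

Running `rsyslogd -N1 -f /etc/rsyslog.conf`, as the poster did, checks the syntax only; whether the variables hold the expected values shows up in the generated file names.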

