the property is "$.sourceTag" in a template you do %<property>% so what you need
is %$.sourceTag%
David Lang
On Wed, 13 May 2020, Anthony Benitez Borges via rsyslog wrote:
Date: Wed, 13 May 2020 14:35:58 -0400
From: Anthony Benitez Borges via rsyslog <[email protected]>
To: Rainer Gerhards <[email protected]>
Cc: Anthony Benitez Borges <[email protected]>,
rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Fwd: How to do comparison between two variables?
Actually when I rename the string as
*string="/path/to/logDir/$.sourceIP/$.sourceIP.$.sourceTag.log" *
then these are printed literally. After applying that change now there is a
path called exactly as the above, not as the values the variables hold.
Only when I treat them as properties do they work as expected.
On Wed, May 13, 2020 at 11:17 AM Rainer Gerhards <[email protected]>
wrote:
$.dev1IP = 192.168.1.1;
$.dev2IP = 192.168.1.2;
$.dev3IP = 192.168.1.3;
set $.sourceIP = $fromhost-ip;
set $.sourceTag = "";
template(name="temp1" type="string"
string="/path/to/logDir/%.sourceIP%/%.sourceIP%.%.sourceTag%.log")
The problem is that ".sourceTag" is not a property, but a variable.
You need to specify a variable with a leading dollar sign, as such
$.sourceTag.
The same is true for .sourceIP, but I guess this is a typo or some
other unshown part in your config "fixes" the issue.
Rainer
ruleset(name="rules1") {
if ($.sourceIP == $.dev1IP) then {
set $.sourceTag = "tag1";
do something
} else if ($.sourceIP == $.dev2IP) then {
set $.sourceTag = "tag2";
do something
} else if ($.sourceIP == $.dev3IP) then {
set $.sourceTag = "tag3";
do something
} else {
do something if nothing else matches
}
action(type="omfile" dynaFile="temp1")
}
This is a more complete code block to show how I know it's not working.
I have logs coming in from those IP addresses but the dynamic file
generated is named "192.168.1.1..log" when instead it should be named
"192.168.1.1.tag1.log".
Running "rsyslogd -N1 -f /etc/rsyslog.conf" results in no errors.
On Wed, May 13, 2020 at 10:23 AM Rainer Gerhards <
[email protected]> wrote:
I have multiple devices sending logs to a central logging server and
these
all sends logs in a somewhat different way, therefore I have
different sets
of filters for each of these devices. The idea I had was to set
variables
at the top of the configuration with the IP addresses for these
devices and
then have a ruleset that would compare the source IP address of the
message
and apply these rules under if statement blocks. Something like this:
$.dev1IP = 192.168.1.1;
$.dev2IP = 192.168.1.2;
$.dev3IP = 192.168.1.3;
$.sourceIP = $fromhost-ip;
if ($.sourceIP == $.dev1IP) then {
do something
} else if ($.sourceIP == $.dev2IP) then {
do something
} else if ($.sourceIP == $.dev3IP) then {
do something
} else {
do something if nothing else matches
}
The issue is that the above is currently not working.
What does "not working" mean precisely? Is there an error message? Is
the result other than expected?
Rainer
Am I using the wrong
comparator? I tried using "isequal" but that didn't work either. Can
I even
do what I'm trying to do? What really confuses me is that I tried
doing the
values themselves in the if statement, but that didn't work either.
Thanks,
ABB
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
