Mailing List Archive

combining multiple filters
Hello,

How can I filter messages that satisfy both conditions at the same time?

:syslogtag, startswith, "dovecot" stop
:msg, startswith, "imap-login " stop

I am using rsyslog 8.1901.0-1 on Debian 10

thanks,
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: combining multiple filters
Use the new syntax. In pseudo code…

do_stop=0
if (a) {
    action_a
    do_stop=1
}
if (b) {
    action_b
    do_stop=1
}
if (do_stop) stop

> On Feb 5, 2021, at 23:47, Fourhundred Thecat via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> Hello,
>
> How can I filter messages that satisfy both conditions at the same time?
>
> :syslogtag, startswith, "dovecot" stop
> :msg, startswith, "imap-login " stop
>
> I am using rsyslog 8.1901.0-1 on Debian 10
>
> thanks,

Re: combining multiple filters
Actually it's even simpler. Generally speaking:

if (a or b) {
    action ,, (if any)
    stop
}

In this special case:

if (($syslogtag startswith "dovecot") or ($msg startswith "imap-login ")) {
    stop
}

I haven't checked any detail, so there may be some minor
inaccuracies. Error messages, if any, will guide you.

HTH
Rainer

On Sat, Feb 6, 2021 at 14:53, John Chivian via rsyslog
(<rsyslog@lists.adiscon.com>) wrote:
>
> Use the new syntax. In pseudo code…
>
> do_stop=0
> if (a) {
> action_a
> do_stop=1
> }
> if (b) {
> action_b
> do_stop=1
> }
> if (do_stop) stop
>
>
>
>
> > On Feb 5, 2021, at 23:47, Fourhundred Thecat via rsyslog <rsyslog@lists.adiscon.com> wrote:
> >
> > Hello,
> >
> > How can I filter messages that satisfy both conditions at the same time?
> >
> > :syslogtag, startswith, "dovecot" stop
> > :msg, startswith, "imap-login " stop
> >
> > I am using rsyslog 8.1901.0-1 on Debian 10
> >
> > thanks,
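The two readings of the question ("either condition" versus "both at the same time") side by side, as an added rsyslog configuration example that is not part of the original posts. The ltrim() variant and the output path /var/log/mail-filtered.log are assumptions made for illustration.

```rsyslog
# Added example (not from the thread). Enable ONE of the forms below.

# Form 1: discard when EITHER condition holds. This has the same effect as the
# two legacy one-line filters in the question, which are evaluated in sequence.
# Note that it drops every message tagged "dovecot...", login failures included.
if ($syslogtag startswith "dovecot") or ($msg startswith "imap-login ") then {
    stop
}

# Form 2: discard only when BOTH conditions hold for the same message.
# All other dovecot messages continue to the rules further down.
#if ($syslogtag startswith "dovecot") and ($msg startswith "imap-login ") then {
#    stop
#}

# Form 3 (assumption to verify on your own data): with traditional syslog
# input, $msg usually begins with a space, so a prefix test on the raw
# property can silently never match. Trimming the property first avoids that.
#if ($syslogtag startswith "dovecot") and (ltrim($msg) startswith "imap-login ") then {
#    stop
#}

# Rules placed after the filter only see messages that were not stopped.
# /var/log/mail-filtered.log is a hypothetical path used for illustration.
mail.*  action(type="omfile" file="/var/log/mail-filtered.log")
```

Running `rsyslogd -N1` validates the configuration syntax before the daemon is restarted.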