Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Filtering with syslogseverity-text
rsyslog at lists
Jun 22, 2022, 4:13 AM
Post #1 of 4 (377 views)
Permalink
Hello again,

last question for today. Is there a way to filter everything from warn
and up using the text names, besides using an "or" logic to list all of
them individually?
Just to give the idea, of course you cannot greater compare strings:

if ($syslogseverity-text >= "warning") then {

But maybe there is an alternative syntax, as it does work using the
number values:

if ($syslogseverity <= 4) then {

But using the old school names would be more intuitive. Adding all
five of them individually is not really a big deal, but maybe there is a
more elegant and versatile option.

Thanks

Ede
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Filtering with syslogseverity-text [ In reply to ]
rsyslog at lists
Jun 22, 2022, 4:20 AM
Post #2 of 4 (377 views)
Permalink
look at prifilt()
https://www.rsyslog.com/doc/master/rainerscript/functions/rs-prifilt.html

this gives you an easy way to do traditional filtering (*.warn for warn or
worse) with the if...then syntax

string compares are string compares, so you can't do them directly, you could
however set $.foo variables for each level to become a number

i.e.

set $.warning = 4;
if *syslogseverity <= $.warning then {

David Lang

On Wed, 22 Jun 2022, Ede Wolf via rsyslog wrote:

> Hello again,
>
> last question for today. Is there a way to filter everything from warn
> and up using the text names, besides using an "or" logic to list all of
> them individually?
> Just to give the idea, of course you cannot greater compare strings:
>
> if ($syslogseverity-text >= "warning") then {
>
> But maybe there is an alternative syntax, as it does work using the
> number values:
>
> if ($syslogseverity <= 4) then {
>
> But using the old school names would be more intuitive. Adding all
> five of them individually is not really a big deal, but maybe there is a
> more elegant and versatile option.
>
> Thanks
>
> Ede
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Filtering with syslogseverity-text [ In reply to ]
rsyslog at lists
Jun 22, 2022, 4:39 AM
Post #3 of 4 (377 views)
Permalink
Thanks very much, David, prifilt looks very promising

Ede


Am Wed, 22 Jun 2022 04:20:48 -0700 (PDT)
schrieb David Lang <david@lang.hm>:

> look at prifilt()
> https://www.rsyslog.com/doc/master/rainerscript/functions/rs-prifilt.html
>
> this gives you an easy way to do traditional filtering (*.warn for
> warn or worse) with the if...then syntax
>
> string compares are string compares, so you can't do them directly,
> you could however set $.foo variables for each level to become a
> number
>
> i.e.
>
> set $.warning = 4;
> if *syslogseverity <= $.warning then {
>
> David Lang
>
> On Wed, 22 Jun 2022, Ede Wolf via rsyslog wrote:
>
> > Hello again,
> >
> > last question for today. Is there a way to filter everything from
> > warn and up using the text names, besides using an "or" logic to
> > list all of them individually?
> > Just to give the idea, of course you cannot greater compare strings:
> >
> > if ($syslogseverity-text >= "warning") then {
> >
> > But maybe there is an alternative syntax, as it does work using the
> > number values:
> >
> > if ($syslogseverity <= 4) then {
> >
> > But using the old school names would be more intuitive. Adding all
> > five of them individually is not really a big deal, but maybe there
> > is a more elegant and versatile option.
> >
> > Thanks
> >
> > Ede
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> > POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Filtering with syslogseverity-text [ In reply to ]
rsyslog at lists
Jun 22, 2022, 4:49 AM
Post #4 of 4 (377 views)
Permalink
Also, if you are not needing to combine it with other tests, you can always do

*.warn {
action()
action()
}

and it would be equivalent of

if prifilt("*.warn") then {
action()
action()
}

use whichever makes your config the clearest to understand, the old legacy style
filter is not going to go away so that we can maintain backwards compatibility
to legacy syslog configs.

On Wed, 22 Jun 2022, Ede Wolf via rsyslog wrote:

> Thanks very much, David, prifilt looks very promising
>
> Ede
>
>
> Am Wed, 22 Jun 2022 04:20:48 -0700 (PDT)
> schrieb David Lang <david@lang.hm>:
>
>> look at prifilt()
>> https://www.rsyslog.com/doc/master/rainerscript/functions/rs-prifilt.html
>>
>> this gives you an easy way to do traditional filtering (*.warn for
>> warn or worse) with the if...then syntax
>>
>> string compares are string compares, so you can't do them directly,
>> you could however set $.foo variables for each level to become a
>> number
>>
>> i.e.
>>
>> set $.warning = 4;
>> if *syslogseverity <= $.warning then {
>>
>> David Lang
>>
>> On Wed, 22 Jun 2022, Ede Wolf via rsyslog wrote:
>>
>>> Hello again,
>>>
>>> last question for today. Is there a way to filter everything from
>>> warn and up using the text names, besides using an "or" logic to
>>> list all of them individually?
>>> Just to give the idea, of course you cannot greater compare strings:
>>>
>>> if ($syslogseverity-text >= "warning") then {
>>>
>>> But maybe there is an alternative syntax, as it does work using the
>>> number values:
>>>
>>> if ($syslogseverity <= 4) then {
>>>
>>> But using the old school names would be more intuitive. Adding all
>>> five of them individually is not really a big deal, but maybe there
>>> is a more elegant and versatile option.
>>>
>>> Thanks
>>>
>>> Ede
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>>> POST if you DON'T LIKE THAT.
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal