As a sidenote - it's easier, cleaner and more "flexible" (although I'm
not sure about how it compares performance-wise) to do a lookup based on
a given property (for example $hostname) and get a ruleset name as a
value. Then you can use $call_indirect to run a given ruleset.
This approach gives you a nice clean modular design.
On 13.05.2020 16:35, Anthony Benitez Borges via rsyslog wrote:
*ruleset(name="rules1") {*
if ($.sourceIP == $.dev1IP) then {
* set $.sourceTag = "tag1";*
do something
} else if ($.sourceIP == $.dev2IP) then {
*set $.sourceTag = "tag2";*
do something
} else if ($.sourceIP == $.dev3IP) then {
*set $.sourceTag = "tag3";*
do something
} else {
do something if nothing else matches
}
*action(type="omfile" dynaFile="temp1")*
*}*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
