Forum Discussion
Gill_32697
Nimbostratus
Nimbostratustmsh Syslog match filter script
This is a snippet of a syslog filter that is work perfectly.
--
filter f_custom { (level(notice) and match(\"Pool /Common/\")) ;
--
I'm needing to add a few more search filters but cant get it to work or ill get a syntax wrong. I would like to add these two triggers filters to the current match string... "Virtual /Common/" "pool /Common/"
2 Replies
VernonWellsEmployee
Do you want it to match a message that contains both "Virtual /Common/" AND "pool /Common/", or messages that contain either of those (but not necessarily both)?
To get the "either" match:
filter f_custom { level (notice) and (match (\"Virtual /Common/\") or match (\"pool /Common/\")); };To get the "and" match, you can either:
filter f_custom { level (notice) and match (\"Virtual /Common/\") and match (\"pool /Common/\"); };or you can string together filters:
filter f_notice_only { level (notice); }; filter f_virtual_common { match (\"Virtual /Common/\"); }; filter f_pool_common { match (\"pool /Common/\") }; log { source (s_syslog_pipe); filter (f_notice_only); filter (f_virtual_common); filter (f_pool_common); destination (d_your_custom_destination); };The
stanza implies "AND" operations between the selectors.log- Gill_32697
Thanks, seems to be working. Im using the "either" match" and im getting logs if the Pool Member or Vip is down.
