Boolean operators in FilterX
FilterX is an experimental feature currently under development. Feedback is most welcome on Discord and GitHub.
Available in AxoSyslog 4.8.1 and later.
When a log statement includes multiple filter statements, AxoSyslog sends a message to the destination only if all filters are true for the message. In other words, the filters are connected by logical AND operators. In the following example, no message arrives to the destination, because the filters are mutually exclusive (the hostname of a client cannot be example1 and example2 at the same time):
log {
source(s1); source(s2);
filterx { ${HOST} == "example1"; };
filterx { ${HOST} == "example2"; };
destination(d1); destination(d2); };
To select the messages that come from either host example1 or example2, use a single filter expression:
log {
source(s1); source(s2);
filterx { ${HOST} == "example1" or ${HOST} == "example2"; };
destination(d1); destination(d2); };
Use the not operator to invert boolean filters, for example, to select messages that weren’t sent by host example1:
filterx { not ( ${HOST} == "example1" ); };
In some cases, instead of boolean operators, you can also use the != (not equal to) comparison or the !~ (doesn’t contain) string operator.
When checking for equality (==), sometimes it’s also important to check that the two operands have the same type. For that purpose, you can use the === (strict equality) operator.
However, to select the messages that weren’t sent by host example1 or example2, you have to use the and operator (that’s how boolean logic works, see De Morgan’s laws for details):
filterx { not (${HOST} == "example1") and not (${HOST} == "example2"); };
Alternatively, you can use parentheses and the or operator to avoid this confusion:
filterx { not ( (${HOST} == "example1") or (${HOST} == "example2") ); };
The following filter statement selects the messages that contain the word deny and come from the host example.
filterx {
${HOST} == "example";
${MESSAGE} =~ "deny";
};