From 09708798a22b61851e24e97c3c4bcdef0316fa99 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Tue, 3 Nov 2009 09:55:23 +0100
Subject: improved omruleset doc

---
 doc/omruleset.html | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'doc/omruleset.html')

diff --git a/doc/omruleset.html b/doc/omruleset.html
index 95b0f5b5..41d6ccfc 100644
--- a/doc/omruleset.html
+++ b/doc/omruleset.html
@@ -88,7 +88,39 @@ $ActionOmrulesetRulesetName CommonAction
 
 # of course, we can have "regular" actions alongside :omrulset: actions
 *.* /path/to/general-message-file.log
+</textarea>
+<p>The next example is used to creat a high-performance nested and filter condition. Here,
+it is first checked if the message contains a string &quot;error&quot;. If so, the message is forwarded
+to another ruleset which then applies some filters. The advantage of this is that we can use
+high-performance filters where we otherwise would need to use the (much slower) expression-based
+filters. Also, this enables pipeline processing, in that second ruleset is executed in
+parallel to the first one.</p>
+<textarea rows="30" cols="80">$ModLoad omruleset
 
+# define "second" ruleset 
+$RuleSet nested
+$RulesetCreateMainQueue on # again, we use our own queue
+mail.*   /path/to/mailerr.log
+kernel.* /path/to/kernelerr.log
+auth.*   /path/to/autherr.log
+
+#switch back to default ruleset
+$ruleset RSYSLOG_DefaultRuleset
+
+# begin first action - here we filter on "error"
+# note that we must first specify which ruleset to use for omruleset:
+$ActionOmrulesetRulesetName nested
+:msg, contains, "error :omruleset:
+#end first action
+
+# begin second action - as an example we can do anything else in
+# this processing. Note that these actions are processed concurrently
+# to the ruleset "nested"
+:FROMHOST, isequal, "myhost.example.com" /path/to/host.log
+#end second action
+
+# of course, we can have "regular" actions alongside :omrulset: actions
+*.* /path/to/general-message-file.log
 </textarea>
 <p><b>Caveats/Known Bugs:</b>
 <p>The current configuration file language is not really adequate for a complex construct
-- 
cgit