In order to aid some string comparisons, I have just introduced constant string arrays in rsyslog. Look at this construct:
if $msg contains ["event12", "event15", "event19"] then
    /home/rgerhards/logfile
This will match if $msg contains any of the three strings given inside the array, so it works like an implicit “or”. I have seen this in a couple of customer configs and I am confident that this will ease rsyslog configuration. In later releases, it will also provide room for performance optimizations.
This feature will be part of 7.1.7.
[edit] Starting with rsyslog 7.3.6, string array comparisons are notably faster, especially if the array is large. At most, there are log(n) comparisons required (where n is the array size).
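The array filter above, written out next to the explicit "or" chain it replaces, as an added example that is not part of the original post. The action() object form is an assumption about config style, and the sample messages in the comments are constructed.

```conf
# Array form (rsyslog 7.1.7 and later): matches if $msg contains ANY element.
if $msg contains ["event12", "event15", "event19"] then {
    action(type="omfile" file="/home/rgerhards/logfile")
}

# Equivalent long form without the array. Use one of the two rules, not both,
# otherwise every matching message is written to the file twice.
if $msg contains "event12"
   or $msg contains "event15"
   or $msg contains "event19" then {
    action(type="omfile" file="/home/rgerhards/logfile")
}

# "contains" is a case-sensitive substring match, so choose array elements
# with their delimiters in mind. Constructed sample messages:
#   "app: event12 raised"     -> matches (element "event12")
#   "app: event120 raised"    -> also matches, "event12" is a substring
#   "app: EVENT12 raised"     -> no match, case differs
#   "app: event13 raised"     -> no match
# If the source writes a delimiter after the id (here a space), including it
# keeps "event120" out of the file:
if $msg contains ["event12 ", "event15 ", "event19 "] then {
    action(type="omfile" file="/home/rgerhards/logfile")
}
```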