Ordering log rules

[daks]

Hello,

we are using Saltstack with pillarstack, and we declare syslog-ng rules in multiple pillarstack files. One contains the basic configuration and others contains src/filter/dest/rule only when a specific 'service' is needed on the server.

So in our case, pillars are loaded in the following order (simplified): base pillars, service pillars. Some examples:

# base pillar with default configuration (simplified)
syslog_ng:
  source:
    - s_src:
      - system: null
      - internal: null
  filter:
    - f_syslog3:
      - =not facility(auth, authpriv, mail) and not filter(f_debug)
  destination:
    - d_syslog:
      - file:
        - /var/log/syslog
  log:
    -
      - source: =s_src
      - filter: =f_syslog3
      - destination: =d_syslog

# service pillar
syslog_ng:
  destination:
    - d_carbon:
      - file:
        - /var/log/carbon.log
  filter:
    - f_carbon:
      - =program("carbon")
  log:
    -
      - source: =s_src
      - filter: =f_carbon
      - destination: =d_carbon
      - flags: =final

The objective is to send all carbon logs (filter f_carbon) to destination d_carbon and not in default destination /var/log/syslog, that's why we added the final flag.

Because the final pillar (concatenation of all pillar files) contains the base one first and the service one then, the syslog-ng configuration file /etc/syslog-ng/syslog-ng.conf contains first the rule to send all to /var/log/syslog and then the rule to send to /var/log/carbon.log. It does not work as wanted, but it's is expected because items in "log" pillar are ordered.

It could be interesting to have a way to order log rules, so that this setup can work with complex setups including multiple pillar files.