<br>I have some syntax working now but can't get a reliable means of sending SMTP notifications. Just curious how other people are doing it. Here is my current setup:<br><br><span style="font-family: courier new,monospace;">template t_smtp { template("$HOST <$PRI>$DATE $HOST $MSG\n"); template_escape(no); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh"); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">log { source (s_udp); filter (f_kern); filter (f_crit); destination (r_smtp); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source (s_udp); filter (f_user); filter (f_crit); destination (r_smtp); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">log { source (s_udp); filter (f_daemon); filter (f_crit); destination (r_smtp); };</span><br>
<br>The above catches the messages and executes my script.<br><br>Here is my script:<br><span style="font-family: courier new,monospace;">#!/bin/sh</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">RECPT="<a href="mailto:me@example.com">me@example.com</a>"</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">tstamp=`localtime`</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">log="/var/adm/syslog-ng-mailer.log"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">tmp="/tmp/syslog-ng-mailer.$$"</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">while read line; do</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> echo $line >> $tmp</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">done</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">/usr/local/bin/cat $tmp | /bin/mailx -s "SyslogAlet" $RECPT</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">/bin/rm $tmp</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">exit 0;</span><br>
<br>The script is getting executed but with the following issues:<br><br>1) When I execute the following 3 commands on a remote host that logs to my syslog-ng server, it appears to only execute my script once:<br><br><span style="font-family: courier new,monospace;"># logger -p user.crit "TESTING 1" </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># logger -p user.crit "TESTING 2" </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"># logger -p user.crit "TESTING 3" </span><br>
<br>So I wind up with a single tmp file instead of 3 as I would expect:<br><span style="font-family: courier new,monospace;">root@syslog:/tmp# cat syslog-ng-mailer.4053 </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Nov 5 08:58:07 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 1</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Nov 5 08:58:08 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 2</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Nov 5 08:58:10 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 3</span><br style="font-family: courier new,monospace;"><br>Here I see the processes associated with my script:<br>
<span style="font-family: courier new,monospace;">root@syslog:/tmp# ps -ef | grep syslog-ng-mailer</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> root 4052 4048 0 08:17:19 ? 0:00 /bin/sh -c /usr/local/sbin/syslog-ng-mailer.sh</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> root 4053 4052 0 08:17:19 ? 0:00 /bin/sh /usr/local/sbin/syslog-ng-mailer.sh<br><br></span>These processes just seem to hang. Every once in a while a message will actually get delivered, but it's blank with the exception of the subject.<br>
<br>I've tried several different scripts, some that try to parse the command line arguments individually, some that just read STDIN until EOF, etc.<br><br>I can't get anything reliable working.<br><br>Any ideas?<br>
<br><br><div class="gmail_quote">On Fri, Nov 5, 2010 at 7:08 AM, Sandor Geller <span dir="ltr"><<a href="mailto:Sandor.Geller@morganstanley.com">Sandor.Geller@morganstanley.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
there is an extra semicolon... remove the one after template()<br>
<div><div></div><div class="h5"><br>
On Fri, Nov 5, 2010 at 3:04 PM, Chuck <<a href="mailto:chuck.carson@gmail.com">chuck.carson@gmail.com</a>> wrote:<br>
><br>
> It doesn't like this syntax either:<br>
><br>
> destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh"<br>
> template("$HOST <$PRI>$DATE $HOST $MSG\n"); ); };<br>
><br>
> I can't get any syntax at all working that uses the template() option.<br>
><br>
> -Chuck<br>
><br>
> On Fri, Nov 5, 2010 at 6:57 AM, Sandor Geller<br>
> <<a href="mailto:Sandor.Geller@morganstanley.com">Sandor.Geller@morganstanley.com</a>> wrote:<br>
>><br>
>> Hi,<br>
>><br>
>> On Fri, Nov 5, 2010 at 2:46 PM, Chuck <<a href="mailto:chuck.carson@gmail.com">chuck.carson@gmail.com</a>> wrote:<br>
>> ><br>
>> > I am running 3.0.4 on a solaris 10 host. I am trying to send critical<br>
>> > and<br>
>> > emergency events via smtp. I have the following syntax:<br>
>> ><br>
>> > destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh<br>
>> > $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };<br>
>><br>
>> Maybe you misunderstood the example.<br>
>><br>
>> program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"<br>
>><br>
>> is bad, the whole string including the space and $HOST is treated as<br>
>> the program name... Instead of that use<br>
>><br>
>> program ("/usr/local/sbin/syslog-ng-mailer.sh" template(...<br>
>><br>
>> hth,<br>
>><br>
>> Sandor<br>
><br>
><br>
</div></div></blockquote></div><br>
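Added example (not part of the original thread or of syslog-ng itself): a program() destination is started once and syslog-ng writes every message to that one process's stdin, so a script that collects lines until EOF mails nothing until syslog-ng closes the pipe. The sketch below mails each line as it arrives and pipes the body directly instead of writing a predictable file under /tmp as root; it assumes the t_smtp template from the post is attached to the destination so that the first field is $HOST, and the function names safe_host, send_alert and mail_each_line are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumption: each stdin line starts with "$HOST " (the thread's template).
# RECPT and the mailx path are the values shown in the post.
RECPT="me@example.com"
MAILER="${MAILER:-/bin/mailx}"

# Host names arrive over UDP from other machines; keep only characters
# that are safe to place in a Subject header.
safe_host() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-'
}

# Send one message. The body travels over a pipe, so no temp file is needed.
# $1 = sanitized host, $2 = full log line.
send_alert() {
    printf '%s\n' "$2" | "$MAILER" -s "SyslogAlert $1" "$RECPT"
}

# Mail from inside the loop: one mail per log line, no waiting for EOF.
# Prints the number of messages handed to the mailer.
mail_each_line() {
    sent=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # skip empty lines
        host=$(safe_host "${line%% *}")     # first field of the template
        send_alert "${host:-unknown}" "$line" || continue
        sent=$((sent + 1))
    done
    echo "$sent"
}

# Start reading stdin only when installed under the name used in the thread.
case "$0" in
    */syslog-ng-mailer.sh) mail_each_line >/dev/null ;;
esac
```

Quoting `"$line"` and using `read -r` keeps backslashes, globs and repeated spaces in remote log text from being altered by the shell before the line reaches the mailer.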