<div dir="ltr"><div><div><div><div><div>Because we are using the standard syslog format when sending it to a program() destination and 190 tells the facility and severity of the message.<br><br></div>You can customize the output using a template() option, e.g.:<br><br></div>program("/bin/foobar" template("$ISODATE $HOST $MSGHDR$MSG\n"));<br><br></div>But you can include any macro or name-value pair in the template, or even transform the output using template functions.<br><br></div>The template language is a pretty powerful part of syslog-ng that allows a lot of customization on how a log message is sent to a peer.<br><br></div>Bazsi<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Tue, Apr 24, 2018 at 4:47 PM, Scappatura Rocco <span dir="ltr"><<a href="mailto:Rocco.Scappatura@infracom.it" target="_blank">Rocco.Scappatura@infracom.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello.<br>
<br>
I have found the problem that causes my destination program not to work.<br>
<br>
Indeed I see that the log lines received by the destination program are preceded by the string '<190>'.<br>
<br>
I can't explain why this string appears, but after updating the program so that the log lines are trimmed of the leading characters, the program has worked as I expected.<br>
<br>
Could someone explain why the string '<190>' appears?<br>
<br>
Regards,<br>
<br>
Rocco<br>
<br>
<br>
<br>
> -----Original message-----<br>
> From: syslog-ng [mailto:<a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@<wbr>lists.balabit.hu</a>] On behalf of<br>
> Scappatura Rocco<br>
> Sent: Monday, 23 April 2018 11:08<br>
> To: '<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>' <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
> Subject: [syslog-ng] Re: Destination program input<br>
<div class="HOEnZb"><div class="h5">> <br>
> Hello.<br>
> <br>
> Thanks for the answer Sandor Geller.<br>
> Could you please show me a template program() destination that works<br>
> following the logic you explained in your answer?<br>
> <br>
> Regards,<br>
> <br>
> Rocco<br>
> <br>
> > -----Original message-----<br>
> > From: Scappatura Rocco<br>
> > Sent: Friday, 20 April 2018 18:40<br>
> > To: '<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>' <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
> > Subject: Destination program input<br>
> ><br>
> > Hello.<br>
> ><br>
> > I have written a C program that reads the successful POP3 access log<br>
> > lines to my POP3 server. After getting one line, it gets the time and the<br>
> > POP3 account that logged in. These data are then stored in the account<br>
> MySQL database.<br>
> ><br>
> > The program (named 'pop3_access') works fine:<br>
> ><br>
> > echo "Apr 10 12:00:17 mail1 pop3d: LOGIN, user= xxx@domain.tld,<br>
> > ip=[::ffff:xxx.yyy.zzz.vvv], port=[56196]"|./pop3_access<br>
> ><br>
> > In fact, querying the DB, I get:<br>
> ><br>
> > username pop3_last_access<br>
> > xxx@domain.tld 2018-04-10 12:00:17<br>
> ><br>
> > I have configured syslog:<br>
> ><br>
> > filter f_pop3_access { facility(local7) and match ('LOGIN,'); };<br>
> > destination d_pop3_last_access { program("/usr/local/bin/pop3_<wbr>access<br>
> > >/dev/null" ); }; log { source(src); filter(f_pop3_access);<br>
> > destination(d_pop3_last_<wbr>access); };<br>
> ><br>
> > But no rows are inserted in the database..<br>
> ><br>
> > From the log of the destination program 'pop3_access' I see that it remains in<br>
> > a while loop waiting for an 'EOF' that never arrives:<br>
> ><br>
> > while (fgets(line, MAXSTR, stdin)) {<br>
> > if (sscanf(line, "%s %d %s %s %s %s %s %s %s", mese, &giorno,<br>
> > ora, s, proto, comando, u, ip, porta) != 9){<br>
> > syslog (LOG_NOTICE, "Errore scanf");<br>
> > exit(-1);<br>
> > }<br>
> > }<br>
> ><br>
> > What do I have to do so that my program succeeds in taking the syslog row<br>
> > correctly, and then returns after processing the data as expected?<br>
> ><br>
> > Regards,<br>
> ><br>
> > Rocco Scappatura<br>
> ______________________________<wbr>____________________________<br>
> ____________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>
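An added example, not code from the thread or from syslog-ng: a line handler for a program() destination that decodes the leading priority value instead of blindly trimming it (190 = 23 * 8 + 6, facility local7 and severity info, matching the facility(local7) filter above) and parses with bounded field widths. The names strip_pri, parse_login and struct pop3_login are hypothetical, and the line layout is assumed to be the default one shown in the original post, without a template().

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

struct pop3_login {
    int facility, severity;          /* -1 when the line had no <PRI> prefix */
    char month[4], time[9], user[128];
    int day;
};

/* Decode an optional leading "<PRI>", where PRI = facility * 8 + severity.
 * Returns a pointer to the text after the prefix (or the line unchanged). */
const char *strip_pri(const char *line, int *fac, int *sev)
{
    char *end;
    long pri;

    *fac = *sev = -1;
    if (line[0] != '<' || !isdigit((unsigned char)line[1]))
        return line;
    pri = strtol(line + 1, &end, 10);
    if (*end != '>' || end - line > 4 || pri > 191)
        return line;
    *fac = (int)(pri / 8);
    *sev = (int)(pri % 8);
    return end + 1;
}

/* Parse one login record; 0 on success, -1 if the line does not match.
 * Every %s carries a width so an oversized field cannot overflow. */
int parse_login(const char *line, struct pop3_login *out)
{
    const char *p = strip_pri(line, &out->facility, &out->severity);
    int n = sscanf(p, "%3s %d %8s %*s %*s LOGIN, user= %127[^, ]",
                   out->month, &out->day, out->time, out->user);
    return n == 4 ? 0 : -1;
}

int main(void)
{
    char line[1024];
    struct pop3_login rec;
    /* Handle each line as it arrives; skip lines that fail to parse. */
    while (fgets(line, sizeof line, stdin))
        if (parse_login(line, &rec) == 0)
            printf("%s %d %s %s\n", rec.month, rec.day, rec.time, rec.user);
    return 0;
}
```

Unlike the loop in the original post, a line that does not match is skipped rather than ending the process, so one malformed record does not stop later logins from being recorded.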