<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello,<div><br></div><div>Does you get the messages over network or file ? (In your configuration I saw network, but in your example messages I saw file like result)</div><div>or maybe does it send via network the same messages ? (withouth any header and so on)</div><div><br></div><div>Okay, so if you want to trigger a shell script when "exit child, pid=1287" is recieved (assuming that $MESSAGE macro contains the previous text).</div><div><br></div><div>You could simply do a filter and program destination (one possible solution), as follows:</div><div><br></div><div>log {</div><div> source(not-sure-about-this);</div><div> filter { message("exit child"); };</div><div> destination {</div><div> program("your-executable-to-call");</div><div> };</div><div><br></div><div>(I would recommend a simple code like this, if it is enough)</div><div><br></div><div>If you need the *pid* value parsed, and supplied to your application, you can also do an additional *kv-parse*-ing step:</div><div><br></div><div>log {</div><div> ....</div><div><div> parser { kv-parser(prefix(".proc.") extract-stray-words-into('.proc.action')); };</div><div><br></div><div><div><br></div><div> destination {</div><div> program("/tmp/print" template("$MESSAGE ${.proc.pid} ${.proc.action}\n"));</div><div> };</div></div></div><div><br></div><div>This way the *${.proc.pid}* macro going to give you back the pid number.</div><div><br></div><div>In case you have to know that it has been started, or you have to do a trigger if there is a possibility not to get "exit child"; you could use for example *grouping-by*:</div><div><br></div><div><div>log {</div><div> source { stdin(flags(no-parse)); };</div><div><br></div><div> parser { kv-parser(prefix(".proc.") extract-stray-words-into('.proc.action')); };</div><div><br></div><div> parser { grouping-by(</div><div> key("${.proc.pid}")</div><div> aggregate(</div><div> inherit-mode(last-message)</div><div> value(".proc.trigger" "1")</div><div> )</div><div> timeout(60) #if no exit child is recieved, it is going to trigger a message anyway</div><div> trigger( message("exit child") )</div><div> inject-mode("pass-through")</div><div> );</div><div> };</div><div><br></div><div> filter { match("1" value(".proc.trigger")); };</div><div><br></div><div> destination {</div><div> program("/tmp/print" template("$MESSAGE ${.proc.pid} ${.proc.trigger}\n"));</div><div> };</div><div>};</div></div><div><br></div><div><br></div><div>This last example either going to trigger if there has been any message with pid=9999 and one with "exit child" or the 60 sec timeout triggered.</div><div><br></div><div>Note: this last example probably could be improved uppon, providing more filter, and proper aggregation if needed; but also probably an overkill just to trigger message on "exit child".</div><div><br></div><div>--</div><div>Kokan</div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 26, 2019 at 9:03 PM Thomas Schmiedl <<a href="mailto:thomas.schmiedl@web.de">thomas.schmiedl@web.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Péter,<br>
<br>
could you send me an example, it's complicated for a beginner. xupnpd2<br>
sends such messages:<br>
<br>
run child, pid=1283<br>
exit child, pid=1283<br>
run child, pid=1284<br>
exit child, pid=1284<br>
run child, pid=1285<br>
exit child, pid=1285<br>
run child, pid=1286<br>
exit child, pid=1286<br>
run child, pid=1287<br>
using handler 'hls' for<br>
'<a href="http://sochi-strk.ru:1936/strk/strk.stream/playlist.m3u8" rel="noreferrer" target="_blank">http://sochi-strk.ru:1936/strk/strk.stream/playlist.m3u8</a>'<br>
exit child, pid=1287<br>
run child, pid=1289<br>
run child, pid=1290<br>
run child, pid=1291<br>
run child, pid=1293<br>
run child, pid=1292<br>
run child, pid=1294<br>
exit child, pid=1289<br>
exit child, pid=1290<br>
<br>
On "exit child, pid=1287" should be executed the shellscript to stop ffmpeg.<br>
<br>
Thanks,<br>
Thomas<br>
<br>
Am 26.04.2019 um 18:26 schrieb Péter, Kókai:<br>
> Hello,<br>
><br>
> I think you are looking for *grouping-by*, that can group together multiple<br>
> messages.<br>
> You could use *kv-parse* to parse the exit child, pid=1234 and use *pid* as<br>
> key to group the messages.<br>
><br>
><br>
> --<br>
> Kokan<br>
><br>
> On Fri, Apr 26, 2019 at 5:25 PM Thomas Schmiedl <<a href="mailto:thomas.schmiedl@web.de" target="_blank">thomas.schmiedl@web.de</a>><br>
> wrote:<br>
><br>
>> Hallo,<br>
>><br>
>> for a first test, I wrote this small conf, which matches the first<br>
>> stream in<br>
>> <a href="https://github.com/clark15b/xupnpd2/blob/master/media/example.m3u" rel="noreferrer" target="_blank">https://github.com/clark15b/xupnpd2/blob/master/media/example.m3u</a>.<br>
>><br>
>> @version: 3.20<br>
>><br>
>> source s0 { udp(ip(0.0.0.0) port(514)); };<br>
>><br>
>> destination d0 { file("/home/user/syslog-ng-intel/test"); };<br>
>><br>
>> log { source(s0); filter { message(".*\[(.*)\].*strk\.stream.*"<br>
>> flags("store-matches")); }; destination(d0); };<br>
>><br>
>> Is it possible to get the variable value of the stored match from the<br>
>> log for a second log to match "exit child, pid=<variable>"?<br>
>><br>
>> Thanks,<br>
>> Thomas<br>
>><br>
>> Am 25.04.2019 um 08:46 schrieb Péter, Kókai:<br>
>>> Hello,<br>
>>><br>
>>> Assuming the log file looks like this:<br>
>>><br>
>>> ```<br>
>>> run child, pid = 1715<br>
>>> using handler 'hls' for '<a href="http://localhost/" rel="noreferrer" target="_blank">http://localhost/</a>'<br>
>>> exit child, pid = 1715<br>
>>> ```<br>
>>><br>
>>> Filters and source could be something like this:<br>
>>> ```<br>
>>> @version: 3.20<br>
>>> @include "scl.conf"<br>
>>><br>
>>> source xupnpd2 {<br>
>>> file("/tmp/xup" flags(no-parse)); # no-parse needed to set $MESSAGE,<br>
>> if<br>
>>> the file does contain only the above lines it is fine not to parse<br>
>>> };<br>
>>><br>
>>> log { source(xupnpd2); filter { message("run child"); };<br>
>> destination(d0); };<br>
>>> log { source(xupnpd2); filter { message("exit child"); } ;<br>
>> destination(d0);<br>
>>> };<br>
>>> ```<br>
>>><br>
>>> If needed syslog-ng could parse, pid and you can transfare more<br>
>> structured<br>
>>> to the program destination.<br>
>>><br>
>>> --<br>
>>> Kokan<br>
>>><br>
>>> On Wed, Apr 24, 2019 at 4:15 PM Thomas Schmiedl <<a href="mailto:thomas.schmiedl@web.de" target="_blank">thomas.schmiedl@web.de</a>><br>
>>> wrote:<br>
>>><br>
>>>> Hello,<br>
>>>><br>
>>>> thanks Péter for your reply. Please could you write the filters<br>
>>>><br>
>>>> 1. for the start (2 lines with a variable 'pid' number):<br>
>>>> run child, pid = 1715<br>
>>>> using handler 'hls' for '... URL ...'<br>
>>>><br>
>>>> 2. for the stop:<br>
>>>> exit child, pid = 1715<br>
>>>><br>
>>>> Thanks,<br>
>>>> Thomas<br>
>>>><br>
>>>> Am 24.04.2019 um 15:05 schrieb Péter, Kókai:<br>
>>>>> Hello,<br>
>>>>><br>
>>>>> 'I have the question, if I could use syslog-ng to filter the start and<br>
>>>> stop<br>
>>>>> of the stream'<br>
>>>>> Yes, it can filter those messages (disclaimer without seeing those<br>
>>>>> messages).<br>
>>>>><br>
>>>>> 'and execute an action "ffmpeg stop" and "delete video segments".'<br>
>>>>> It was not something syslog-ng is designed to, but for example you<br>
>> could<br>
>>>>> use program destination to execute arbitrary executable (like s small<br>
>>>>> script to call ffmpeg stop).<br>
>>>>><br>
>>>>> You could do something like this (not tested) to have separate things<br>
>> to<br>
>>>> do<br>
>>>>> based on start/stop:<br>
>>>>><br>
>>>>> @version: 3.20<br>
>>>>> source xupnpd2 {<br>
>>>>> stdin(flags(no-parse));<br>
>>>>> };<br>
>>>>><br>
>>>>> destination start {<br>
>>>>> program("/usr/bin/do-start-magic.sh");<br>
>>>>> };<br>
>>>>><br>
>>>>> destination stop {<br>
>>>>> program("/usr/bin/do-stop-magic.sh");<br>
>>>>> };<br>
>>>>><br>
>>>>> log { source(xupnpd2); filter { program("xupnpd2") AND<br>
>> message("start");<br>
>>>> };<br>
>>>>> destination(start); };<br>
>>>>> log { source(xupnpd2); filter { program("xupnpd2") AND message("stop");<br>
>>>> } ;<br>
>>>>> destination(stop); };<br>
>>>>><br>
>>>>><br>
>>>>> Each log/event is a single new line to the program stdin, which it<br>
>> should<br>
>>>>> process.<br>
>>>>><br>
>>>>> --<br>
>>>>> Kokan<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> On Wed, Apr 24, 2019 at 2:36 PM Thomas Schmiedl <<br>
>> <a href="mailto:thomas.schmiedl@web.de" target="_blank">thomas.schmiedl@web.de</a>><br>
>>>>> wrote:<br>
>>>>><br>
>>>>>> Hello,<br>
>>>>>><br>
>>>>>> I use the mediaserver xupnpd2 (<a href="https://github.com/clark15b/xupnpd2" rel="noreferrer" target="_blank">https://github.com/clark15b/xupnpd2</a>)<br>
>> on<br>
>>>>>> the router to show HLS streams on the TV. Unfortunately, the software<br>
>> is<br>
>>>>>> no longer maintained by the original developer (I'm not a developer<br>
>>>>>> myself). The HLS processing would have to be revised.<br>
>>>>>><br>
>>>>>> My idea is to start a ffmpeg and a local web server on the router, if<br>
>> I<br>
>>>>>> want to display the stream (the script xupnpd.lua will be executed,<br>
>>>>>> which starts ffmpeg etc.). Unfortunately there is not such a script<br>
>> when<br>
>>>>>> terminating the stream (exit ffmpeg etc.).<br>
>>>>>><br>
>>>>>> xupnpd2 uses a log where you can track the start as well as the ending<br>
>>>>>> of the stream. Since the router has only a small amount of internal<br>
>>>>>> memory to write and analyze a logfile, I have the question, if I could<br>
>>>>>> use syslog-ng to filter the start and stop of the stream and execute<br>
>> an<br>
>>>>>> action "ffmpeg stop" and "delete video segments". I have very little<br>
>>>>>> Linux knowledge, maybe you can help me.<br>
>>>>>><br>
>>>>>> Here is the excerpt from the xupnpd2 log (Loglevel 8).<br>
>>>>>><br>
>>>>>> When starting the stream:<br>
>>>>>> run child, pid = 1715<br>
>>>>>> using handler 'hls' for '... URL ...'<br>
>>>>>><br>
>>>>>> When stopping the stream:<br>
>>>>>> exit child, pid = 1715<br>
>>>>>><br>
>>>>>> Best regards,<br>
>>>>>> Thomas Schmiedl<br>
>>>>>><br>
>>>>>><br>
>>>><br>
>> ______________________________________________________________________________<br>
>>>>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>>>>> Documentation:<br>
>>>>>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>>>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>>>>><br>
>>>>>><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>><br>
>> ______________________________________________________________________________<br>
>>>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>>>> Documentation:<br>
>>>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>>>><br>
>>>><br>
>>>><br>
>> ______________________________________________________________________________<br>
>>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>>> Documentation:<br>
>>>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>>><br>
>>>><br>
>>><br>
>>><br>
>>><br>
>> ______________________________________________________________________________<br>
>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>> Documentation:<br>
>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>><br>
>><br>
>> ______________________________________________________________________________<br>
>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>> Documentation:<br>
>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>><br>
>><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>