I am fairly new to all this, so please excuse me.
I am having lots of problems getting syslog-ng to send email
alerts based upon certain text-based filters. I am running RedHat 9.0 with syslog-ng-1.6.2-1
installed from the rpm. I have configured the syslog-ng.conf file correctly to
enable filtering with a match statement for a specific IP address in the logs,
and this works when using ‘destination file { file("/etc/syslog-ng/test.log");
};’ but when I point this to the perl script that I got from this
URL, http://www.campin.net/newlogcheck.html,
I get nothing. Please see below the destination statement and the perl script that
I have created with executable permissions.
Syslog-ng.conf

destination email {
    program("/etc/syslog-ng/mail.pl");
};

filter f_test {
    match(192.168.1.1);
};

log {
    source(src);
    filter(f_test);
    destination(email);
};

Mail.pl

#!/usr/bin/perl -n
#
## shell version
#
# while read line; do
# echo $line | /bin/mail -s "log alert" support@businessfcl.com
# done

# strip the priority
s/^<[\d]{1,2}>//;

# mail the cleaned up message
system("echo \"$_\" | /bin/mail -s \"log alert\" monitor");

Every time I restart the syslog-ng service I get a mail to
the monitor user, which would indicate that the perl script sends mail and that
syslog-ng runs it during startup, but it does not appear to work when the filter
is applied. Can anyone help with this please?
Regards
Stuart Burgis
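
An added example, not part of the original post: a handler for the program() destination above that reads standard input in a loop for as long as syslog-ng keeps the pipe open and passes each message to /bin/mail on its standard input, so log text that remote senders control is never interpolated into a shell command line. The mailer path, subject and recipient are taken from the post; the function names are illustrative.

```perl
#!/usr/bin/perl
# Added example: long-running handler for a syslog-ng program() destination.
use strict;
use warnings;

my $MAILER    = '/bin/mail';   # mailer path as used in the post
my $RECIPIENT = 'monitor';     # recipient as used in the post
my $SUBJECT   = 'log alert';   # subject as used in the post

# Normalise one log line before it is mailed.
sub clean_line {
    my ($line) = @_;
    chomp $line;
    $line =~ s/^<\d{1,3}>//;        # strip the syslog priority (0 to 191)
    $line =~ s/[^\x20-\x7e\t]/?/g;  # replace control and non-ASCII bytes
    $line =~ s/^~/ ~/;              # keep mail(1) from reading a leading
                                    # '~' as one of its escape sequences
    return $line;
}

# Mail one message. The list form of a pipe open executes the mailer
# directly, so no shell ever parses the message text.
sub send_alert {
    my ($body) = @_;
    open(my $mail, '|-', $MAILER, '-s', $SUBJECT, $RECIPIENT)
        or do { warn "cannot run $MAILER: $!\n"; return 0 };
    print {$mail} $body, "\n";
    return close($mail) ? 1 : 0;    # close() reports the mailer's exit status
}

# syslog-ng starts this program once and writes every matching message
# to its standard input, one per line.
while (my $line = <STDIN>) {
    my $msg = clean_line($line);
    next if $msg eq '';
    send_alert($msg) or warn "alert not delivered\n";
}
```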