Hi Balazs!

On 31 Aug 99, at 11:36, Balazs Scheidler wrote:
> filter f_alerts { match("(alert)|(breakin)|..."); };
Ok, thanks again. I've fiddled around a little bit with the filter now, and yes, this works fine :)
> destination d_script { program("/usr/local/sbin/alertscript"); };
> log { source(src); filter(f_alerts); destination(d_script); };
>
> The script is run as soon as syslog-ng starts up, and is kept running until the configuration is reloaded, or syslog-ng is terminated.
Is it possible to run the script only when the filter matches? I want to send a mail (with the log entry) when a specific event (e.g. kernel deny filter) occurs. For example, the log looks like this:

Aug 31 21:50:06 gate kernel: IP fw-in deny eth1 UDP 193.XXX.XXX.XXX:137 193.XXX.XXX.XXX:137 L=78 S=0x00 I=39426 F=0x0000 T=128

I want to filter this event and send a mail with the log entry if it occurs.

filter f_alert1 { match("deny"); };
destination d_script { program("/usr/local/sbin/alertscript"); };
log { source(src); filter(f_alert1); destination(d_script); };

#!/bin/sh
# alertscript
# did not work
mail -s "Alert" root $1

bye
Josef

--
BERGMANN engineering & consulting
http://bec.at/

And remember that old savvy sayin' 'Some folk tell ya everything they know, and then keep on talkin' !'
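
Added example, not part of the original message and not syslog-ng's own code: because a program() destination is started once and receives each matching message as a line on its standard input, an alert script has to loop over stdin instead of reading $1. The names MAILER, RCPT, MIN_INTERVAL, send_alert and process_stream are assumptions made for this sketch, as is a mailx-style "mail -s SUBJECT RCPT" command.

```shell
#!/bin/sh
# Added example (not from the original thread). A program() destination is
# started once by syslog-ng; every message that passes the filter then arrives
# as one line on stdin, never in $1.
MAILER="${MAILER:-mail}"            # assumption: mailx-style "mail -s SUBJECT RCPT"
RCPT="${RCPT:-root}"
MIN_INTERVAL="${MIN_INTERVAL:-60}"  # seconds between mails, so a deny flood is not a mail flood

last_sent=0
suppressed=0
sent=0

# Mail one log line. The line is remote-influenced data, so it only travels on
# stdin as the message body: never in the subject, never through eval.
send_alert() {
    {
        printf '%s\n' "$1"
        [ "$suppressed" -eq 0 ] || printf '(%s earlier matches suppressed)\n' "$suppressed"
    } | "$MAILER" -s "Alert" "$RCPT"
}

# Read matching messages until syslog-ng closes the pipe (reload or shutdown).
process_stream() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        now=$(date +%s)
        if [ $((now - last_sent)) -ge "$MIN_INTERVAL" ]; then
            send_alert "$line"
            last_sent=$now
            suppressed=0
            sent=$((sent + 1))
        else
            suppressed=$((suppressed + 1))
        fi
    done
}

# Run the loop only when installed under the name used in the config above.
case "${0##*/}" in
    alertscript) process_stream ;;
esac
```

Installed as /usr/local/sbin/alertscript, the filter and log statements above stay unchanged; only lines that pass f_alert1 reach the loop.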