Oops pasted the wrong output.. My current syslog-ng.conf contains this:
destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh" template(t_smtp) ); };

On Fri, Nov 5, 2010 at 9:26 AM, Chuck <chuck.carson@gmail.com> wrote:

I have some syntax working now but can't get a reliable means of sending smtp notifications.. Just curious how other people are doing it. Here is my current setup:

template    t_smtp     { template("$HOST <$PRI>$DATE $HOST $MSG\n"); template_escape(no); };
destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"); };
log { source (s_udp);           filter (f_kern); filter (f_crit);       destination (r_smtp); };
log { source (s_udp);           filter (f_user); filter (f_crit);       destination (r_smtp); };
log { source (s_udp);           filter (f_daemon); filter (f_crit);     destination (r_smtp); };

The above catches the messages and executes my script.

Here is my script:
#!/bin/sh
RECPT="me@example.com"

tstamp=`localtime`
log="/var/adm/syslog-ng-mailer.log"
tmp="/tmp/syslog-ng-mailer.$$"

while read line; do
        echo $line >> $tmp
done

/usr/local/bin/cat $tmp | /bin/mailx -s "SyslogAlet" $RECPT

/bin/rm $tmp

exit 0;

The script is getting executed but with the following issues:

1) When I execute the following 3 commands on a remote host that logs to my syslog-ng server, it appears to only execute my script once:

# logger -p user.crit "TESTING 1"                                      
# logger -p user.crit "TESTING 2"
# logger -p user.crit "TESTING 3"

So I wind up with a single tmp file instead of 3 as I would expect:
root@syslog:/tmp# cat syslog-ng-mailer.4053
Nov 5 08:58:07 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 1
Nov 5 08:58:08 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 2
Nov 5 08:58:10 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 3

Here I see the processes associated with my script:
root@syslog:/tmp# ps -ef | grep syslog-ng-mailer
    root  4052  4048   0 08:17:19 ?           0:00 /bin/sh -c /usr/local/sbin/syslog-ng-mailer.sh
    root  4053  4052   0 08:17:19 ?           0:00 /bin/sh /usr/local/sbin/syslog-ng-mailer.sh

These processes just seem to hand.. Every once in a a message will actually get delivered but its blank with the exception of the subject.

I've tried several different scripts, some that try and parse the command line arguments individually, some that just read STDIN until EOF, and etc....

I can't get anything reliable working.

Any ideas?



On Fri, Nov 5, 2010 at 7:08 AM, Sandor Geller <Sandor.Geller@morganstanley.com> wrote:
there is an extra semicolon... remove the one after template()

On Fri, Nov 5, 2010 at 3:04 PM, Chuck <chuck.carson@gmail.com> wrote:
>
> It doesn't like this synxtax either:
>
> destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"
> template("$HOST <$PRI>$DATE $HOST $MSG\n"); ); };
>
> I can't get any syntax as all working that uses the template() option.
>
> -Chuck
>
> On Fri, Nov 5, 2010 at 6:57 AM, Sandor Geller
> <Sandor.Geller@morganstanley.com> wrote:
>>
>> Hi,
>>
>> On Fri, Nov 5, 2010 at 2:46 PM, Chuck <chuck.carson@gmail.com> wrote:
>> >
>> > I am running 3.0.4 on a solaris 10 host. I am trying to send critical
>> > and
>> > emergency events via smtp. I have the following syntax:
>> >
>> > destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh
>> > $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };
>>
>> Maybe you misunderstood the example.
>>
>> program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"
>>
>> is bad, the whole string including the space and $HOST is treated as
>> the program name... Instead of that use
>>
>> program ("/usr/local/sbin/syslog-ng-mailer.sh" template(...
>>
>> hth,
>>
>> Sandor
>
>