On Wed, Sep 01, 1999 at 02:29:20AM +0200, Josef Bergmann wrote:
Hi Balazs!
On 31 Aug 99, at 11:36, Balazs Scheidler wrote:
filter f_alerts { match("(alert)|(breakin)|..."); };
Ok, thanks again. I've fiddled around now a little bit with the filter and yes, this works fine :)

destination d_script { program("/usr/local/sbin/alertscript"); };
log { source(src); filter(f_alerts); destination(d_script); };

The script is run as soon as syslog-ng starts up, and is kept running until the configuration is reloaded, or syslog-ng is terminated.
Is it possible to run the script only when the filter matches? I want to send a mail (with the log entry) when a specific event (e.g. kernel deny filter) occurs.
For example, the log looks like this:
Aug 31 21:50:06 gate kernel: IP fw-in deny eth1 UDP 193.XXX.XXX.XXX:137 193.XXX.XXX.XXX:137 L=78 S=0x00 I=39426 F=0x0000 T=128
I want to filter this event and send a mail with the log entry if it occurs.

filter f_alert1 { match("deny"); };
destination d_script { program("/usr/local/sbin/alertscript"); };
log { source(src); filter(f_alert1); destination(d_script); };

#!/bin/sh
# alertscript
# did not work
mail -s "Alert" root $1

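What about:

#!/bin/sh
# syslog-ng starts this once and writes each matching message to stdin.
# read -r keeps backslashes in the log text as they are.
while IFS= read -r line; do
    # Quote the line so the shell does not glob-expand or re-split it.
    printf '%s\n' "$line" | mail -s "Log alert" root
done

-- 
Bazsi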
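
Added example, not part of the original thread: a hardened variant of the stdin loop suggested above for the program() destination. It handles each log line strictly as data and caps the number of mails per time window, so a burst of "deny" entries cannot flood root's mailbox. MAILER, MAX_LEN, BURST and WINDOW are assumed names, and the loop only starts when the file is installed as alertscript.

```shell
#!/bin/sh
# Added example: alert handler for a syslog-ng program() destination.
# syslog-ng starts it once and writes one matching message per line to stdin.
# MAILER, MAX_LEN, BURST and WINDOW are assumed names, not syslog-ng options.
MAILER=${MAILER:-send_mail}   # command that receives one alert on stdin
MAX_LEN=${MAX_LEN:-512}       # cap on the length of a mailed line
BURST=${BURST:-5}             # at most BURST mails ...
WINDOW=${WINDOW:-60}          # ... per WINDOW seconds

send_mail() { mail -s "Log alert" root; }

# Log text is influenced by whoever sent the packet: strip control
# characters (keeping tab) and truncate; never eval it or use it as a subject.
sanitize() {
    printf '%s\n' "$1" | tr -d '\000-\010\013-\037\177' | cut -c "1-$MAX_LEN"
}

# Read lines until syslog-ng closes the pipe (reload or shutdown).
alert_loop() {
    sent=0 dropped=0 start=$(date +%s)
    while IFS= read -r line; do
        now=$(date +%s)
        if [ $((now - start)) -ge "$WINDOW" ]; then
            # New window: report what was suppressed, then reset counters.
            if [ "$dropped" -gt 0 ]; then
                printf '%s alerts suppressed\n' "$dropped" | "$MAILER"
            fi
            sent=0 dropped=0 start=$now
        fi
        if [ "$sent" -lt "$BURST" ]; then
            sanitize "$line" | "$MAILER"
            sent=$((sent + 1))
        else
            dropped=$((dropped + 1))
        fi
    done
}

# Start the loop only when installed under the name used in the thread.
case "$0" in
    */alertscript|alertscript) alert_loop ;;
esac
```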