0 S root 20465     1 0 80 0 - 443 - 11:26 pts/0 00:00:00 /bin/sh -c /usr/local/bin/ssh_alert_by_email.sh
0 S root 20466 20465 0 80 0 - 443 - 11:26 pts/0 00:00:00 /bin/bash /usr/local/bin/ssh_alert_by_email.sh
5 S root 20468     1 0 80 0 - 572 - 11:26 ?     00:00:00 /sbin/syslog-ng -p /var/run/syslog-ng.pid

the PID is not changing, (unless the syslog-ng is restarted of course), the debug.log shows the program runs until syslog-ng is restarted as well. but it still sends nothing to the /tmp/testlog file.

On Thu, Aug 13, 2009 at 3:47 AM, Fegan, Joe<Joe.Fegan@hp.com> wrote:
In "ps -elf" do you see your script? Does the pid stay the same as time advances, or does it change (which would mean it's exiting and being replaced with a new instance by syslog-ng automatically). You could add a start and end marker to see if it's starting at all and if/when it's exiting. Like:
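#!/bin/bash
# Mark start-up so a respawn by syslog-ng shows up in the debug log.
echo "$0 started `date`" >> /tmp/debug.log
# Append each line received on stdin to the test log.
while IFS= read -r line ; do
    echo "$line" >> /tmp/testlog
done
# Reached only when stdin is closed.
echo "$0 exited `date`" >> /tmp/debug.log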
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Alberto Sierra
Sent: 13 August 2009 07:26
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] program destination problem (again...)
hi there,
i know this has been discussed like a million times already but i'm stuck and can't get around this.
i'm using a program destination in my syslog-ng config, like this:

destination test_log { file("/var/log/testlog"); };
destination sshd_alerts { program("/usr/local/bin/ssh_alert_by_email.sh" template("$DATE $HOST $PROGRAM $MSGONLY")); };

filter sshd { program("sshd"); };
filter login_accepted { match("Accepted password|Accepted publickey"); };

log {
    source(s_all);
    filter(sshd);
    filter(login_accepted);
    destination(sshd_alerts);
    destination(test_log);
};
and the script as follows:
#!/bin/bash
# Append each line received on stdin to the test log.
while IFS= read -r line ; do
    echo "$line" >> /tmp/testlog
done
that's it, it logs to the destination(test_log) but the script does nothing.
i followed a similar thread: https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html
and the script works well interactively in the shell. I think i hit a dead end here... btw version 2.0.9
--
Alberto Sierra
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
-- Alberto Sierra Reales [aesetres] IT Consultant Cel. 8319-1805
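
Added example, not part of the thread or of any poster's script: a POSIX sh sketch of a handler that the sshd_alerts destination could feed, parsing lines in the thread's template order ($DATE $HOST $PROGRAM $MSGONLY) and allowlisting the fields before they are reused in an alert. The function names, the sample lines, the three-field $DATE layout and newline-terminated records are assumptions; it does not address why the script in the thread receives nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each stdin line is newline-terminated
# and follows the template "$DATE $HOST $PROGRAM $MSGONLY" with a three-field $DATE.

# parse_login LINE: print "method user src host" for an accepted login, else return 1.
parse_login() {
    set -f            # no globbing: a "*" in log content must stay literal
    set -- $1         # split the line into whitespace-separated fields
    set +f
    # Mon DD HH:MM:SS host sshd Accepted METHOD for USER from IP port N ...
    [ "$#" -ge 13 ] || return 1
    [ "$5" = "sshd" ] && [ "$6" = "Accepted" ] || return 1
    [ "$8" = "for" ] && [ "${10}" = "from" ] || return 1
    case "$7" in password|publickey) ;; *) return 1 ;; esac
    # Allowlist host, user and source before they reach an alert or a command line.
    case "$4$9${11}" in *[!A-Za-z0-9_.:-]*) return 1 ;; esac
    printf '%s %s %s %s\n' "$7" "$9" "${11}" "$4"
}

# handle_stream: the loop a program() destination would feed on stdin.
handle_stream() {
    while IFS= read -r line; do
        if fields=$(parse_login "$line"); then
            set -- $fields
            printf 'ssh login: user=%s method=%s src=%s host=%s\n' "$2" "$1" "$3" "$4"
        fi
    done
}

# demo: constructed sample lines (hypothetical hosts, users and addresses).
demo() {
    handle_stream <<'EOF'
Aug 13 11:26:01 gw1 sshd Accepted password for alice from 203.0.113.5 port 51234 ssh2
Aug 13 11:26:07 gw1 sshd Failed password for bob from 203.0.113.9 port 40001 ssh2
Aug 13 11:27:12 gw1 sshd Accepted publickey for carol from 198.51.100.7 port 40022 ssh2
EOF
}

demo    # a deployed handler would call handle_stream here instead
```

Lines that fail the field or allowlist checks are dropped silently here; a deployed handler may prefer to record them separately for review.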