Hi

I am using syslog-ng 3.0 and I am trying to monitor log files. If the word "attackalert" is found in the log file, syslog-ng should invoke a script.
I created "/root/workspace/test", a bash script with only a simple echo statement, to check whether it is working correctly. The problem is that
whenever I start syslog-ng the script starts executing even if the word "attackalert" is not recorded. The following is my syslog-ng.conf
configuration. Is there anything I am missing here? Please advise.

options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
};

source s_file { file("/root/workspace/app_desktop/sup.log.php");};

destination d_prog { program("/root/workspace/test"); };

filter f_attack_alert {
        match("attackalert" value("MESSAGE"));
};

log {
        source(s_file);
        filter(f_attack_alert);
        destination(d_prog);
};


--
Warm Regards

Supratik
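
An added example, not part of the original post: syslog-ng's program() destination launches its command once when syslog-ng starts and then writes every message that passes the log path to that command's standard input, so a script used as d_prog has to read stdin in a loop rather than act at the moment it is invoked. The sketch below shows such a handler; the function names, the ALERT_LOG variable and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Handler sketch for a syslog-ng program() destination (added example).
# syslog-ng starts the program at startup and keeps it running; each message
# that matches the log path arrives as one line on stdin.

# Assumed location for the alert record; set ALERT_LOG to a fixed,
# root-owned path when deploying. The default is a fresh temp file.
ALERT_LOG="${ALERT_LOG:-$(mktemp)}"

# handle_alert LINE: the per-message action (here: append a timestamped record).
handle_alert() {
    printf '%s ALERT %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" >> "$ALERT_LOG"
}

# process_stream: read messages from stdin until the pipe is closed and
# print how many alerts were handled. The keyword is re-checked here so the
# script still behaves if the syslog-ng filter is loosened or removed.
process_stream() {
    local line count
    count=0
    # "|| [ -n ... ]" also handles a final line without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *attackalert*)
                handle_alert "$line"
                count=$((count + 1))
                ;;
        esac
    done
    echo "$count"
}

# Constructed sample input so the block runs offline. When installed as the
# program() target, call process_stream with no here-document so that it
# reads the pipe syslog-ng opens to the script's stdin.
process_stream <<'EOF'
Mar  3 10:15:02 host1 app: user login ok
Mar  3 10:15:09 host1 app: attackalert repeated failed logins from 192.0.2.10
Mar  3 10:15:11 host1 app: attackalert path traversal attempt blocked
EOF
```

Run as shown, it prints the number of sample lines that triggered the handler and leaves one record per alert in the file named by ALERT_LOG.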