Hi,
I've configured syslog-ng for receiving alerts from a remote system (/var/log/messages). I've configured 2 destinations:
1. A file snort.log; I'm getting alerts in this file.
2. Email alerts; I'm unable to receive email alerts.
I've tested the script alert_mail.sh externally and it works (I'm able to get mails, so sendmail is working).
Can someone help in solving this problem?
Regards,
Agnelo
syslog-ng.conf
==================
source sensors {
    internal();
    tcp(ip(10.0.41.175) port(514) max-connections(7));
    unix-stream("/dev/log");
};

destination localhost {
    file("/var/log/snort.log");
};

destination email_alert_script {
    program("/usr/local/bin/alert_mail.sh");
};

log { source(sensors); destination(localhost); };
log { source(sensors); destination(email_alert_script); };
==========================
alert_mail.sh
====================
#!/bin/sh
# syslog-ng's program() destination feeds each log message to this script on stdin,
# one line per message; each line is mailed as a separate alert.
while read line; do
    echo "$line" | mail -s "Snort Alert" idsalert@xxxx.com
done