There are many problems with this example.
1. A syslog-ng "program" script is not allowed to process one
message and exit. It must run in a loop, reading individual messages from its
stdin and handling each one separately e.g. sending each as a separate email.
Check the archives of this list, you will see that discussed many
times.
2. The source you have defined will read the existing contents of
that file when syslog-ng is started and send them to the script. That's all it
will do. Run your restart test again - I expect that it sends you the exact same
email every time, the first line of that log file.
Joe.
Dear friends
Is there any update please, The Idea that I want to
filter the logs that comes from the server 172.31.250.68 to send it by
email, that's the purpose of this configuration I did.
(note) the path
" /var/log/syslog-ng/servers/172.31.250.68/local7.log" is the path of the log
file for this server in the my syslog-ng machine, I tried to add more options to
the destination line like the following:
destination maillog {
program("/usr/local/bin/syslog-mail-perl" flush_lines(1)
flush_timeout(30));
};
But the problem still exist
Please if
anyone have a solution for this Or any other solution or guide lines please tell
me.
Thanks
From: reakyrok@hotmail.com
To: syslog-ng@lists.balabit.hu
Date: Mon, 6 Jul
2009 16:44:37 +0300
Subject: Re: [syslog-ng] Must Restart syslog-ng to send
email
Sorry there's Small mistake that In both internal send or out send I must
restart syslog-ng first
From: reakyrok@hotmail.com
To: syslog-ng@lists.balabit.hu
Date: Mon, 6 Jul
2009 15:50:00 +0300
Subject: [syslog-ng] Must Restart syslog-ng to send
email
Dear friends
I
have a small problem with my syslog-ng server, I use a configuration to filter
mail from log file and forwerd it to perl script to send it, the configuration
like the
following:
=====================================================
source
sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log);
};
destination maillog { program ("/usr/local/bin/syslog-mail-perl"
);
};
log {source(sme); destination(maillog);
};
=====================================================
And the perl
script like the
following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
#
thanks to Brian Dowling for an example with security in mind.
$TO =
'reaky@domain.com';
$FROM = $TO;
s/^//;
open(MAIL,
"|/usr/sbin/sendmail -t");
print MAIL "EOT";
To: $TO
From:
$FROM
Subject: SME Log Alert:
$_
$_
EOT
close(MAIL);
+++++++++++++++++++++++++++++++++++++++
It
worked very fine when I send to root user in the machine, But when I tried to
send to outside I found that I must restart syslog every time to send the mails
to sendmail, In another word it buffer the emails tell I restart syslog-ng then
It forwerd it to send mail and can see it in the mail log.
Do you have any
idea for that ?
Thanks
Windows Live™: Keep your life in sync. Check
it out!
Invite your mail contacts to join your friends list with Windows Live Spaces.
It's easy! Try
it!
Invite your mail contacts to join your friends list with Windows Live Spaces.
It's easy! Try it!