Can you please suggest some solution on how to overcome this situation? My main purpose is to invoke the script which will send an alert mail only when there is a match of "attackalert" found in the log file.

On Tue, Nov 30, 2010 at 2:13 PM, SZALAY Attila <sasa@balabit.hu> wrote:
Hi All!
On Tue, 2010-11-30 at 13:40 +0530, Supratik Goswami wrote:
I created "/root/workspace/test", a bash script with only a simple echo statement, to check whether it is working correctly or not. The problem is that whenever I start syslog-ng, the script starts executing even if the word "attackalert" is not recorded. The following is my syslog-ng.conf configuration. Is there anything I am missing here? Please advise.
Yes, this is the expected (and documented) behavior. Syslog-ng starts the script at start time, and the script should wait for the messages.
And the script should not exit either because syslog-ng would not like it.
-- SZALAY Attila Support (L3) Team Leader
e-mail: attila.szalay@balabit.com
BalaBit IT Security www.balabit.com H-1115 Bártfai str. 54. Budapest
-- Warm Regards Supratik
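
The behavior described in the reply above (syslog-ng starts the script once and feeds it messages on stdin, so the script has to loop and stay alive) can be handled as in the following added example, which is not code from the thread or from the syslog-ng project. The `--listen` argument, the recipient address, the `MIN_INTERVAL` throttle and the use of `mail(1)` are assumptions.

```bash
#!/bin/bash
# Added example: long-running handler for a script started by syslog-ng.
# It reads one message per line from stdin and mails only on a keyword match.

KEYWORD="attackalert"                # string from the thread
ALERT_TO="admin@example.invalid"     # placeholder recipient (assumption)
MIN_INTERVAL="${MIN_INTERVAL:-60}"   # min seconds between mails (assumption)

# Send one alert mail. Assumes a mail(1)/mailx command is installed.
# A failure here is not fatal, so the read loop keeps running.
send_alert() {
    printf '%s\n' "$1" | mail -s "syslog-ng: $KEYWORD" "$ALERT_TO"
}

# Read messages until EOF (syslog-ng closing the pipe). Lines without the
# keyword are skipped; matches are throttled so a burst of matching
# messages cannot flood the mailbox. Sets ALERTS_SENT / ALERTS_SUPPRESSED.
watch_stream() {
    local line now last=0
    ALERTS_SENT=0
    ALERTS_SUPPRESSED=0
    while IFS= read -r line; do
        case "$line" in
            *"$KEYWORD"*) ;;          # match: fall through to alerting
            *) continue ;;            # no match: wait for the next message
        esac
        now=$(date +%s)
        if [ $((now - last)) -ge "$MIN_INTERVAL" ]; then
            send_alert "$line"
            last=$now
            ALERTS_SENT=$((ALERTS_SENT + 1))
        else
            ALERTS_SUPPRESSED=$((ALERTS_SUPPRESSED + 1))
        fi
    done
}

# Hypothetical flag: only block on stdin when explicitly asked to.
if [ "${1:-}" = "--listen" ]; then
    watch_stream
fi
```

Because the script matches the keyword itself, it sends nothing at syslog-ng startup and stays idle until a matching line arrives.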