Hi,

I think SEC can do what you're looking for. Simple Events Correlator is a powerful Perl script which can detect special logs. Just have a look at: http://www.estpak.ee/~risto/sec/

After that, you'll have to write your own rules, which is pretty simple.

Bye

2007/8/3, Darwin, Samuel <darwins@thirteen.org>:
Hi,
Is there a good way to have syslog-ng email me when particular log events occur?
I am running a very standard, default installation of CentOS 5.
Example:
I tried this sort of methodology, but it didn't work:
    source net { udp(); };
    destination emailer { program("mail myaddress@yahoo.com"); };
    log { source(net); destination(emailer); };
In this case, I'd expect to be emailed a copy of every single message received over udp. However, what happens is that the program "mail myaddress@yahoo.com" gets run and appears in the process table, but no emails are sent. The syslog log file shows dropped='program(mail myaddress@yahoo.com)=0', indicating something is being "dropped".
I think that I must be going about this the wrong way. Maybe I can't use syslog-ng to send emails?
Thanks,
Sam Darwin
Thirteen.org
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
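Added example (not part of either post above): syslog-ng starts a program() destination once and writes each message to its standard input as a line, while mail only sends when its input ends, which matches the behaviour described in the question. The wrapper below sends one mail per received line and strips control characters first, since UDP syslog is unauthenticated. The MAILER variable, the subject text, the length cap and the --run flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wrapper for a syslog-ng program() destination.
# Reads messages line by line from stdin and sends one mail per message.

RCPT="${RCPT:-myaddress@yahoo.com}"   # address used in the original post
MAILER="${MAILER:-mail}"              # overridable so the loop can be tested (assumption)
MAX_LEN=500                           # constructed limit for one message

sanitize() {
    # Log lines arrive from the network: drop control characters
    # (escape sequences, stray CR) and cap the length before mailing.
    printf '%s' "$1" | tr -d '\000-\037\177' | cut -c1-"$MAX_LEN"
}

mail_each_line() {
    count=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue          # skip empty lines
        clean=$(sanitize "$line")
        # The message is passed as data on stdin, never evaluated by the shell.
        printf '%s\n' "$clean" | "$MAILER" -s "syslog-ng alert" "$RCPT"
        count=$((count + 1))
    done
    echo "$count"                            # number of mails handed to the mailer
}

# Only consume stdin when started with --run, as syslog-ng would start it.
if [ "${1:-}" = "--run" ]; then
    mail_each_line >/dev/null
fi
```

To use it, the emailer destination would point at the script instead of mail directly, for example program("/usr/local/bin/mail-each-line.sh --run"), where the path is hypothetical.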