Hi

I think SEC can do what you're looking for.

Simple Events Correlator is a powerful Perl script which can detect special logs.

Just have a look at: http://www.estpak.ee/~risto/sec/

After that, you'll have to write your own rules, which is pretty simple.

Bye

2007/8/3, Darwin, Samuel <darwins@thirteen.org>:
Hi,

Is there a good way to have syslog-ng email me when particular log
events occur?

I am running a very standard, default installation of CentOS 5.

Example:

I tried this sort of methodology, but it didn't work:

source net { udp(); };
destination emailer { program("mail myaddress@yahoo.com"); };
log { source(net); destination(emailer); };

In this case, I'd expect to be emailed a copy of every single message
received over udp. However, what happens is that the program "mail
myaddress@yahoo.com" gets run and appears in the process table, but no
emails are sent. The syslog log file shows dropped='program(mail
myaddress@yahoo.com)=0', indicating something is being "dropped".

I think that I must be going about this the wrong way. Maybe I can't
use syslog-ng to send emails?


Thanks,
Sam Darwin
Thirteen.org

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
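
An added example, not part of either message above: syslog-ng's program() destination starts the command once and writes each log message to its standard input as one line, so a command that only acts at end of input, as mail does, stays in the process table without sending anything. The wrapper below sends one mail per matching line instead; RECIPIENT, MAILER, MATCH, the --run flag and the script path in the comment are names assumed for this example.

```shell
#!/bin/sh
# Added example: per-line mail wrapper for a syslog-ng program() destination.
# Hypothetical use in syslog-ng.conf (path is an assumption):
#   destination emailer { program("/usr/local/bin/mail-each-line.sh --run"); };

# Assumed settings for this example, overridable from the environment.
RECIPIENT="${RECIPIENT:-myaddress@yahoo.com}"
MAILER="${MAILER:-mail}"
MATCH="${MATCH:-.}"   # grep -E pattern; "." matches every non-empty line

# Send one alert. The log line is untrusted (UDP syslog is unauthenticated),
# so it is passed only as the message body on stdin and never placed on a
# command line or in the subject.
send_alert() {
    printf '%s\n' "$1" | "$MAILER" -s "syslog-ng alert" "$RECIPIENT"
}

# Read log lines from stdin until syslog-ng closes the pipe.
# Prints the number of mails sent.
mail_each_line() {
    sent=0
    while IFS= read -r line; do
        # Mail only the lines that match the filter pattern.
        if printf '%s\n' "$line" | grep -Eq -- "$MATCH"; then
            send_alert "$line" && sent=$((sent + 1))
        fi
    done
    echo "$sent"
}

# Run the loop only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    mail_each_line >/dev/null
fi
```

Setting MATCH to a narrow pattern keeps a burst of network syslog traffic from turning into a burst of mail.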