I've updated the script, looks like after deleting the file syslog-ng doesn't recreate. Here is the modified code. #!/bin/bash # # mail_log.sh # by John Delisle john_delisle@ceridian.ca # Feb 28 2001 # # # If a file $1 exists, it mails its contents to $2, and deletes $1 # # MAILPROG="/usr/sbin/mail" FACSEV="user.info" if [ $# != 2 ]; then echo "Usage: $0 file_to_check email_address" exit 1; fi if [ ! -s $1 ]; then #echo "$1 not found or size not greater than 0, exiting" exit 2; else $MAILPROG $2 < $1 echo "Message Sent to $2"; logger -p $FACSEV "Message from $1 sent to $2" echo "Removing $1"; > $1 fi exit 0; John Delisle Corporate Technology Ceridian Canada Ltd 204-975-5909 John_Delisle@ceridian. ca To: syslog-ng@lists.balabit.hu Sent by: cc: syslog-ng-admin@lists. Subject: Re: [syslog-ng]program() destination balabit.hu 2001/02/28 04:27 PM Please respond to syslog-ng I've found a way to send the message to an email address. It's a bit of a hack, but.. Basically you output your log to a file, and have a cron job that watches for that file, emails its contents, and deletes it. I'm using it to email a pager. 1- Configure your source line properly for the type of log you are catching 2 - Add a destination file rule 3 - Add a filter to filter for what you're looking for 4 - Add a log with above source, filter, and destination 5 - Install this script in /usr/bin or wherever 6 - Add a cron job such as the example that follows Sample syslog-ng.conf ------------------------------------------ options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { unix-stream ("/dev/log"); internal(); }; source s_remote { udp(ip(0.0.0.0) port(514)); }; destination d_powerpay { file("/var/log/powerpay"); }; destination d_powerpay_email { file("/var/log/powerpay_email"); }; filter f_emerg { level(emerg); }; filter f_powerpay { facility(local1); }; log { source(s_remote); filter(f_powerpay); destination(d_powerpay); }; log { source(s_remote); filter(f_powerpay); filter(f_emerg); destination(d_powerpay_email); }; log { source(s_remote); filter(DEFAULT); destination(d_mesg); }; ------------------------------------- Sample cron entry ------------------------------------ 5,10,15,20,25,30,35,40,45,50,55,0 * * * * /usr/bin/mail_log.sh /var/log/powerpay_email inet_admin@ceridian.ca ----------------------------------- mail_log.sh script ----------------------------------- #!/bin/bash # # mail_log.sh # by John Delisle john_delisle@ceridian.ca # Feb 28 2001 # # # If a file $1 exists, it mails its contents to $2, and deletes $1 # # MAILPROG="/usr/sbin/mail" if [ $# != 2 ]; then echo "Usage: $0 file_to_check email_address" exit 1; fi if [ ! -e $1 ]; then #echo "$1 not found, exiting" exit 2; else $MAILPROG $2 < $1 echo "Message Sent to $2"; echo "Removing $2"; rm $2 fi exit 0; ----------------------------------- John Delisle Corporate Technology Ceridian Canada Ltd 204-975-5909 John_Delisle@ceridian. ca To: syslog-ng@lists.balabit.hu Sent by: cc: syslog-ng-admin@lists. Subject: Re: [syslog-ng]program() destination balabit.hu 2001/02/28 01:59 PM Please respond to syslog-ng Maciek, have you had any success sending email using this method? I'm trying to get syslog-ng to send an email when a certain alert comes in. John Delisle Corporate Technology Ceridian Canada Ltd 204-975-5909 Maciek Pasternacki <maciekp@japhy.fnord.o To: syslog-ng@lists.balabit.hu rg> cc: Sent by: Subject: [syslog-ng]program() destination syslog-ng-admin@lists. balabit.hu 2001/02/28 12:43 PM Please respond to syslog-ng Hello, I have following configuration on my machine: source logdev { unix-stream("/dev/log"); }; destination foo { program("/home/foo/.bin/loglogs.pl"); }; filter f_foo { not priority(debug) and not facility(mail); }; log { source(logdev); filter(f_foo); destination(foo); }; File /home/foo/.bin/loglogs.pl come as follows: #!/usr/bin/perl open FOO, ">/tmp/loglog.log"; while ( <STDIN> ) { print FOO $_; } close FOO; Could anybody tell why file /tmp/loglog.log stays empty no matter what I do? Greets, --Maciek -- __ Maciek Pasternacki <maciekp@japhy.fnord.org> [ http://japhy.fnord.org/ ] `| _ |_\ / *CENSORED* ( full version at http://japhy.fnord.org/sig.txt ) ,|{-}|}| }\/ \/ |____/ (See attached file: atty1o2p.dat) (See attached file: atty1o2p.dat) (See attached file: atty1o2p.dat)