trouble shoot program() function
Hi everyone.

I am trying to send mail notifications using the syslog-ng program() function and it's not working. To verify the filter works I use the same filter to log to a file and the data is going to the file correctly. When I run the script manually "grep ASA-5-111008 log_file | /usr/local/bin/cisco-cfg.pl" mail is generated. I added code to write to a file and that did not work. I am including the syslog-ng.cfg snippet and the cisco-cfg.pl code. Any ideas how I can troubleshoot why the email is not being sent from syslog-ng?

Thanks for your help

syslog-ng.conf
===========
source external {
    udp(port(514));
    tcp(ip(0.0.0.0) port(5000) max-connections(300));
};

destination d_cisco_config{ program ("/usr/local/bin/cisco-cfg.pl"); };
destination test { file ("/var/log/HOSTS/test"); };

filter f_firewall_config{ match("ASA-6-605005") or match("ASA-5-111008"); };

log {
    #log to file to test that filter is working
    source(external);
    filter(f_firewall_config);
    destination(test);
};

log {
    source (external);
    filter (f_firewall_config);
    destination(d_cisco_config);
};

/usr/local/bin/cisco-cfg.pl
================
#!/usr/bin/perl -n
use strict;
use warnings;

my $d_month = "";
my $d_day = "";
my $d_hour = "";
my $d_min = "";
my $d_sec = "";
my $host = "";
my $user = "";
my $command = "";
my $user_pc = "";
my $interface = "";
my $title = "";
my $to = "";
my $from = "";
my $subject = "";

if (/ASA\-5\-111008/) {
    /(\w{1,3})\s*(\d{1,2})\s(\d{2}):(\d{2}):(\d{2}).*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?'(.*?)'.*?'(.*?)'/;
    $d_month = $1;
    $d_day = $2;
    $d_hour = $3;
    $d_min = $4;
    $d_sec = $5;
    $host = $6;
    $user = $7;
    $command = $8;

    $to = 'user@mail.com';
    $title = "$host Firewall config alert";
    $from = 'root@cadis.net';

    open( MAIL, "|/usr/sbin/sendmail -t");
    print MAIL "EOT";
    ## Mail Header
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: Firewall config change on $host\n\n";
    ## mail body
    print MAIL "Host: $host\n";
    print MAIL "Edited by: $user\n";
    print MAIL "Command issued: $command\n";
    print MAIL "Log stamp: $d_month $d_day $d_hour:$d_min.$d_sec\n";
    print MAIL "\n\n";
    print MAIL "Log message:\n";
    print MAIL "$_\n";
    print MAIL "EOT";
    close( MAIL );
}
Your script needs to have a loop where it reads stdin and processes each line as a separate message. It is not allowed to process one message and exit, like it does today.

Joe.

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Sal Polifemo
Sent: 24 January 2010 01:31
To: syslog-ng mail list
Subject: [syslog-ng] trouble shoot program() function
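A handler of the kind the reply describes, written for the program() destination in the question; this is an added example, not code from either poster. The MAILER environment override, the debug log path and the sample log line are assumptions made for the example. It checks every open and close and records failures in a file, so they stay visible when the script is started by syslog-ng rather than from a shell.

```perl
#!/usr/bin/perl
# Added example: long-running handler for a syslog-ng program() destination.
use strict;
use warnings;
# Mailer and addresses are the ones in the post; the MAILER override and the
# debug log path are assumptions made for this example.
my $MAILER = $ENV{MAILER} || '/usr/sbin/sendmail -t';
my ($TO, $FROM) = ('user@mail.com', 'root@cadis.net');
my $DEBUG  = '/var/log/cisco-cfg.debug';
$SIG{PIPE} = 'IGNORE';    # a dying mailer must not kill the handler

# Append to a file so failures are visible when a daemon starts the script.
sub debug {
    my ($msg) = @_;
    open(my $fh, '>>', $DEBUG) or return;
    print {$fh} scalar(localtime), " $msg\n";
    close($fh);
}

# Return (stamp, host, user, command) for an ASA-5-111008 line, else ().
sub parse_line {
    my ($line) = @_;
    return () unless $line =~ /ASA-5-111008/;
    return () unless $line =~ m!(\w{3})\s+(\d{1,2})\s(\d{2}):(\d{2}):(\d{2})
        .*?(\d{1,3}(?:\.\d{1,3}){3}).*?'(.*?)'.*?'(.*?)'!x;
    return ("$1 $2 $3:$4:$5", $6, $7, $8);
}

sub send_alert {
    my ($stamp, $host, $user, $command, $raw) = @_;
    open(my $mail, '|-', $MAILER) or do { debug("open $MAILER: $!"); return 0 };
    print {$mail} "To: $TO\nFrom: $FROM\n",
        "Subject: Firewall config change on $host\n\n",
        "Host: $host\nEdited by: $user\nCommand issued: $command\n",
        "Log stamp: $stamp\n\nLog message:\n$raw\n";
    close($mail) or do { debug("mailer failed, status $?"); return 0 };
    return 1;
}

debug("started, pid " . $$);
# Constructed test line (pipe it in with MAILER=cat to print instead of mail):
# Jan 24 01:30:12 192.0.2.10 %ASA-5-111008: User 'admin' executed the 'write memory' command.
# One message per line on STDIN; keep reading until the pipe is closed.
while (my $line = <STDIN>) {
    chomp $line;
    my @f = parse_line($line) or next;
    send_alert(@f, $line);
}
debug("STDIN closed, exiting");
```

If the debug file shows "started" but no mailer errors and no mail arrives, the lines are not reaching the script, which points at the syslog-ng side rather than the parsing or the mailer.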
participants (2)
- Fegan, Joe
- Sal Polifemo