I am running 3.0.4 on a solaris 10 host. I am trying to send critical and emergency events via smtp. I have the following syntax:

    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };

It doesn't like this syntax, however this is exactly what the documentation shows.

I have also tried the following thinking the documentation might be wrong:

    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"); template("<$PRI>$DATE $HOST $MSG\n.\n"); };
    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };
    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh"); template("<$PRI>$DATE $HOST $MSG\n.\n"); };

Has anyone done this or know how to send alerts via smtp?

Thanks,
CC
Hm, not sure specifically why that's not working. I use program, but I don't have a macro like $HOST in the program declaration, and I declare the template ahead of time like this:

    template t_mytemp { template("foo bar"); };
    destination d_mydest { program("/usr/bin/foo", template(t_mytemp)); };

I don't know why my way would work and not yours, but it should be easy to swap a few things around quickly just to see if it makes a difference.
Hi,

On Fri, Nov 5, 2010 at 2:46 PM, Chuck <chuck.carson@gmail.com> wrote:
> I am running 3.0.4 on a solaris 10 host. I am trying to send critical and emergency events via smtp. I have the following syntax:
>
>     destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };

Maybe you misunderstood the example.

    program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"

is bad, the whole string including the space and $HOST is treated as the program name... Instead of that use

    program ("/usr/local/sbin/syslog-ng-mailer.sh" template(...

hth,
Sandor
It doesn't like this syntax either:

    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh" template("$HOST <$PRI>$DATE $HOST $MSG\n"); ); };

I can't get any syntax at all working that uses the template() option.

-Chuck
there is an extra semicolon... remove the one after template()
I have some syntax working now but can't get a reliable means of sending smtp notifications.. Just curious how other people are doing it. Here is my current setup:

    template t_smtp { template("$HOST <$PRI>$DATE $HOST $MSG\n"); template_escape(no); };
    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh"); };
    log { source (s_udp); filter (f_kern); filter (f_crit); destination (r_smtp); };
    log { source (s_udp); filter (f_user); filter (f_crit); destination (r_smtp); };
    log { source (s_udp); filter (f_daemon); filter (f_crit); destination (r_smtp); };

The above catches the messages and executes my script.

Here is my script:

    #!/bin/sh
    RECPT="me@example.com"

    tstamp=`localtime`
    log="/var/adm/syslog-ng-mailer.log"
    tmp="/tmp/syslog-ng-mailer.$$"

    while read line; do
        echo $line >> $tmp
    done

    /usr/local/bin/cat $tmp | /bin/mailx -s "SyslogAlet" $RECPT

    /bin/rm $tmp

    exit 0;

The script is getting executed but with the following issues:

1) When I execute the following 3 commands on a remote host that logs to my syslog-ng server, it appears to only execute my script once:

    # logger -p user.crit "TESTING 1"
    # logger -p user.crit "TESTING 2"
    # logger -p user.crit "TESTING 3"

So I wind up with a single tmp file instead of 3 as I would expect:

    root@syslog:/tmp# cat syslog-ng-mailer.4053
    Nov 5 08:58:07 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 1
    Nov 5 08:58:08 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 2
    Nov 5 08:58:10 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 3

Here I see the processes associated with my script:

    root@syslog:/tmp# ps -ef | grep syslog-ng-mailer
    root 4052 4048 0 08:17:19 ? 0:00 /bin/sh -c /usr/local/sbin/syslog-ng-mailer.sh
    root 4053 4052 0 08:17:19 ? 0:00 /bin/sh /usr/local/sbin/syslog-ng-mailer.sh

These processes just seem to hang.. Every once in a while a message will actually get delivered but it's blank with the exception of the subject.

I've tried several different scripts, some that try and parse the command line arguments individually, some that just read STDIN until EOF, and etc....

I can't get anything reliable working.

Any ideas?
Oops pasted the wrong output.. My current syslog-ng.conf contains this:

    destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh" template(t_smtp) ); };
On Friday, November 05, 2010 09:28:17 Chuck wrote:
> Oops pasted the wrong output.. My current syslog-ng.conf contains this:
>
>     destination r_smtp { program ("/usr/local/sbin/syslog-ng-mailer.sh" template(t_smtp) ); };
>
> On Fri, Nov 5, 2010 at 9:26 AM, Chuck <chuck.carson@gmail.com> wrote:
> > I have some syntax working now but can't get a reliable means of sending smtp notifications.. Just curious how other people are doing it. Here is my current setup:
> >
> > These processes just seem to hang.. Every once in a while a message will actually get delivered but it's blank with the exception of the subject.
> >
> > I've tried several different scripts, some that try and parse the command line arguments individually, some that just read STDIN until EOF, and etc....
> >
> > I can't get anything reliable working.
> >
> > Any ideas?

Hi Chuck,

I can't help with the email part directly. I would suggest considering using a Perl script because I don't think syslog-ng executes a new program for every single message, otherwise it could cause a process storm during heavy load and also slow the daemon down doing too many forks instead of processing logs. So you might have to send them to a Perl script which batches or unbatches the messages as appropriate and sends the email for you.

Have a look at this part of the manual and see if it helps you get your program driver configured better, too.

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.1-guide-admin-en.html/index.html-single.html#reference_destination_program

Good Luck,
Matthew.
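A long-running handler of the kind Matthew suggests, written in sh rather than Perl, as an added example (not code from the thread or from syslog-ng). It mails each line as it arrives instead of waiting for EOF, treats the line as untrusted data because it comes from remote hosts, writes no temporary file in /tmp, and caps mails per minute. The names `send_mail`, `now`, `mail_loop` and `MAX_PER_MIN` are assumptions, as is a date(1) that supports `+%s`.

```sh
#!/bin/sh
# Added example: long-running mailer for a syslog-ng program() destination.
# syslog-ng starts the program once and keeps writing to its stdin, so each
# line is handled as it arrives rather than after EOF.

RECPT="${RECPT:-me@example.com}"   # recipient as in the thread's script
MAX_PER_MIN="${MAX_PER_MIN:-10}"   # assumption: cap on mails per 60 s window

# Hypothetical helpers, kept as functions so they can be replaced.
send_mail() { /bin/mailx -s "$1" "$RECPT"; }   # message body on stdin
now() { date +%s; }                             # assumes date(1) knows %s

mail_loop() {
    window=$(now); sent=0; dropped=0
    # IFS= and -r keep the line byte for byte: no trimming, no backslash
    # processing. The content was received from the network.
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        t=$(now)
        if [ $((t - window)) -ge 60 ]; then
            window=$t; sent=0          # new window, reset the counter
        fi
        if [ "$sent" -ge "$MAX_PER_MIN" ]; then
            dropped=$((dropped + 1))   # over the cap: count it, do not mail
            continue
        fi
        # Quoted expansion only: the line is data, never a glob or a command.
        {
            printf '%s\n' "$line"
            [ "$dropped" -eq 0 ] ||
                printf '(%s earlier lines suppressed)\n' "$dropped"
        } | send_mail "Syslog alert" || continue
        sent=$((sent + 1)); dropped=0
    done
}

# Start the loop only when installed under the name used in the thread.
case "$0" in
    */syslog-ng-mailer.sh) mail_loop ;;
esac
```
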
participants (4)
- Chuck
- Martin Holste
- Matthew Hall
- Sandor Geller