RE: [syslog-ng]sending message by email
Another method is to create a script called for instance syslog-ng-mail.sh, containing

    #!/bin/sh
    # $1 = subject, $2 = recipient address; sends one mail per line read from stdin
    while IFS= read -r line; do
        printf '%s\n' "$line" | /usr/bin/mailx -s "$1" "$2"
    done

...and then pipe all your matched messages to this script with two arguments of the subject and email address to send to. This makes it very generic.

/Mick
-----Original Message-----
From: Stephen C Burns [mailto:sburns@farpointer.net]
Sent: Friday, February 01, 2002 10:31 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]sending message by email
Assuming you have a comprehensive file with all of the messages in /var/log/$HOST/messages, just set up a nightly cron job to cat /var/log/$HOST/messages|mail your email
At 09:47 AM 2/1/2002, you wrote:
I have been trying, unsuccessfully, to set up email notification of certain log messages. The filters I am using are working great, but my email notifications are empty. What I would like is to receive an email with a subject line similar to "Log notification for hostname" where hostname is the system the message was received from, with the body of the email containing the log message. Is anyone else doing this? Can you provide an example of your method, if so? Or, can anyone give me any pointers on making this work?

---
David Monk CCNA, MCSE <david@purplebear.net>
The more things change, the more they stay insane.
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
Mick,

Thanks a lot. This should do the trick, mostly. The addresses I send to are the same for all, so I just moved those to the script. The one thing I am still having a problem with, using this method, is getting the $HOST variable to pass to the script. I changed your sample to:

    #!/bin/sh
    RECIPIENTS="user1@host user2@host"
    while IFS= read -r line; do
        # $RECIPIENTS is left unquoted so it splits into one argument per address
        printf '%s\n' "$line" | /bin/mail -s "Log notification for $1" $RECIPIENTS
    done

I set my destination as follows:

    destination d_email { program("/usr/local/bin/syslog-mail.sh $HOST"); };

When I get the email, the subject is "Log notification for "

Know any way to fix that?

David
David Monk on Fri, Feb 01, 2002 at 11:25:50AM -0600:

Hey David,

> destination d_email { program("/usr/local/bin/syslog-mail.sh $HOST"); };
>
> When I get the email, the subject is "Log notification for "
>
> Know any way to fix that?

looks a lot like $HOST is not expanded in program destinations. Probably should be. Fix is writing a patch, or using awk or cut (better) to figure out the hostname.

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
This is really trivial at this point in my setup. So, I will just change the subject to only being "Log notification". Thanks for the input guys.

David
On Fri, Feb 01, 2002 at 10:43:44AM -0600, Ohrberg, Mick wrote:

> Another method is to create a script called for instance syslog-ng-mail.sh, containing
>
>     #!/bin/sh
>     # $1 = subject, $2 = recipient address; sends one mail per line read from stdin
>     while IFS= read -r line; do
>         printf '%s\n' "$line" | /usr/bin/mailx -s "$1" "$2"
>     done
>
> ...and then pipe all your matched messages to this script with two arguments of the subject and email address to send to. This makes it very generic.

I'd be careful with unchecked alerts over email. See http://www.campin.net/newlogcheck.html#warning for the reason why, and a solution.

--
Nate Campi
"Junk mail is war. RFCs do not apply." -- Wietse Venema
Nate Campi on Fri, Feb 01, 2002 at 11:17:09AM -0800:

Nate,

> I'd be careful with unchecked alerts over email. See http://www.campin.net/newlogcheck.html#warning for the reason why, and a solution.

fully agree with you .. I remember answering the question about how to send single log lines as emails in combination with warning about taking out one's SMTP server at least two or three times before :) I think both should be put in syslog-ng documentation somewhere ...

Other than that, I don't think it's a good idea to do that anyway. Even if you build thresholds into your scripts and all that. If our customers ask for that kind of real-time-alerting functionality, we help them integrate syslog-ng with their monitoring systems. Making a lamp turn yellow or red when problems occur is much better than wading through a lot of emails (even if reduced by throttling) to see the current condition of whatever you want to know about.

Also, this will integrate much better in usual administration workflow. Although you can send emails to multiple people, if you go the monitoring way, you can have multiple people seeing the alert, but only one person needs to worry about it (they will clear the alert, or fix something that will clear the alert, and everybody else watching will know that it's fixed).

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
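
Added example, not part of any poster's message: one way to combine the two suggestions in this thread, taking the hostname from the log line itself with awk (since $HOST was not expanded on the program() command line) and capping how many mails go out per time window (the flooding concern raised above). The line format, the thresholds, MAIL_CMD and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Reads matched log lines on stdin and
# mails them, at most MAX_MAILS per WINDOW seconds.
# Assumption: lines look like "Mon DD HH:MM:SS host message...".
RECIPIENTS=${RECIPIENTS:-"user1@host user2@host"}  # placeholders, as in the thread
MAX_MAILS=${MAX_MAILS:-5}   # assumed threshold
WINDOW=${WINDOW:-300}       # assumed window, in seconds
MAIL_CMD=${MAIL_CMD:-}      # e.g. /bin/mail; empty means dry run
window_start=0 sent=0 suppressed=0

# The host is the 4th field. awk splits on runs of blanks, so the double
# space in "Feb  1" does not shift it. The name comes from the sender, so
# keep only hostname characters before it goes into a subject line.
host_of() {
    printf '%s\n' "$1" | awk '{ print $4 }' | tr -cd 'A-Za-z0-9._-'
}

now() { date +%s; }

# Exit status 0 if another mail still fits into the current window.
allow() {
    t=$(now)
    if [ $((t - window_start)) -ge "$WINDOW" ]; then
        window_start=$t sent=0
    fi
    [ "$sent" -lt "$MAX_MAILS" ]
}

deliver() {  # $1 = subject, body on stdin
    if [ -n "$MAIL_CMD" ]; then
        "$MAIL_CMD" -s "$1" $RECIPIENTS   # unquoted: one argument per address
    else
        printf 'DRY RUN subject=[%s] body=[%s]\n' "$1" "$(cat)"
    fi
}

process() {
    while IFS= read -r line; do
        if allow; then
            note=""
            [ "$suppressed" -gt 0 ] && note=" ($suppressed earlier lines suppressed)"
            printf '%s\n' "$line" | deliver "Log notification for $(host_of "$line")$note"
            sent=$((sent + 1)) suppressed=0
        else
            suppressed=$((suppressed + 1))
        fi
    done
}

# Run only when installed under the script name used in the thread.
case ${0##*/} in syslog-mail.sh) process ;; esac
```

Saved as /usr/local/bin/syslog-mail.sh, it is referenced from the program() destination without any arguments; lines dropped while the cap is reached are counted and reported in the subject of the next mail that goes out.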
participants (4)
- David Monk
- Gregor Binder
- Nate Campi
- Ohrberg, Mick