Hi,

I try to define a log parser. The idea is to monitor every line for a specific pattern and run an action command.

My config lines are

    destination syslog_parser { program("/usr/local/bin/test_syslog"); };
    log { source(src); destination(syslog_parser); };

To test syslog-ng, I wrote a basic shell script, which only contains

    /bin/echo "This is a test" | /usr/bin/wall

and exit.

This should issue a "wall" command on every line written in the syslog.

I test it with the command "logger", and this does not work. I have the following syslog-ng error when I start it.

    Oct 10 13:04:00 minime1 syslog-ng[5470]: io.c: do_write: write() failed (errno 32), Broken pipe
    Oct 10 13:04:00 minime1 syslog-ng[5470]: pkt_buffer::do_flush(): Error flushing data

I'm currently running version 1.6 from SLES10, syslog-ng-1.6.8-20.18 for IA64.

I read the documentation provided by the package, and saw the following

    NOTE: the program is executed once at startup, and kept running until SIGHUP or exit. The reason is to prevent starting up a large number of programs for messages, which would imply an easy DoS.

My script is meant to run once and exit. Could it be the problem? Is there any way to achieve what I want? I'm aware of the DoS, but in this case it's not a problem.

Thank you

--
Spike Milligan - "All I ask is the chance to prove that money can't make me happy."
Hi,
> My script is meant to run once and exit. Could it be the problem.
Yes absolutely. You cannot exit after each log message, that is not permitted and explains why you are getting the SIGPIPE errors. You have to run in a loop, reading and processing messages from stdin until you get an eof.

See old postings to this list. Here's a pointer to one that gives an outline bash script that you can build upon.
https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html

Joe.

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Gaetan Lord
Sent: 12 October 2008 15:25
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Destination program behavior
participants (2)
- Fegan, Joe
- Gaetan Lord
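
The read-until-EOF loop described in the reply, as an added example that is not code from the thread or from the linked posting. The pattern, the rate limit, the `ALERT_CMD` override and the `run` argument are assumptions made for illustration; log text is treated as untrusted input and is only ever passed to the action as data.

```shell
#!/bin/sh
# Added example (not from the thread): a program() destination that stays alive.
# PATTERN, MIN_INTERVAL and ALERT_CMD are assumptions chosen for illustration.
PATTERN=${PATTERN:-authentication failure}
MIN_INTERVAL=${MIN_INTERVAL:-60}        # minimum seconds between two alerts
ALERT_CMD=${ALERT_CMD:-/usr/bin/wall}   # wall is the action used in the thread

# Log text is attacker-influenced: drop control bytes (terminal escape
# sequences) before it reaches every logged-in terminal through wall.
# In the C locale this also removes non-ASCII bytes.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd '[:print:]'
}

# The message reaches the action on stdin, never as part of a command string.
run_action() {
    printf 'syslog match: %s\n' "$(sanitize "$1")" | "$ALERT_CMD"
}

# Read messages until syslog-ng closes the pipe (EOF on stdin), then return.
# One long-lived process handles every message, and the rate limit caps how
# often a flood of matching lines can trigger the action.
process_stream() {
    last=0
    while IFS= read -r line; do
        case $line in
            *"$PATTERN"*)
                now=$(date +%s)
                if [ $((now - last)) -ge "$MIN_INTERVAL" ]; then
                    run_action "$line"
                    last=$now
                fi
                ;;
        esac
    done
}

# The loop starts only when the script is given the argument "run", e.g.
#   program("/usr/local/bin/test_syslog run");
if [ "${1:-}" = "run" ]; then
    process_stream
fi
```

Because the script keeps reading until EOF, syslog-ng's writes to the pipe no longer hit a closed reader.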