Hello, I try to define a destination which sends the log entry to root: destination d_mailroot { program("/usr/bin/mail -s '[syslog] Exception detected' root"); }; But this is not working. mail does not notice that it should close stdin and send the mail. I think something like a EOF or at least in single line with a dot. How can I accomplish sending the mail? Thanks, Florian
You simply cannot use a destination like that one. Remember that syslog-ng never stop feeding destinations, so there is never an EOF... What you can do is a script or a little program that read it's stdin and without waiting for an EOF, do something. I use some C program I've written to read stdin using a fgets() that return after # bytes or after an EOL. You have to use something like that using language you like. But never expect syslog-ng to close your destination stdin, cause it's not its behaviour. Amodiovalerio Verde ----- Original Message ----- From: "Florian Lindner" <mailinglists@xgm.de> To: <syslog-ng@lists.balabit.hu> Sent: Monday, August 18, 2003 11:51 PM Subject: [syslog-ng]Sending mail to root?
Hello, I try to define a destination which sends the log entry to root:
destination d_mailroot { program("/usr/bin/mail -s '[syslog] Exception detected' root"); };
But this is not working. mail does not notice that it should close stdin and send the mail. I think something like a EOF or at least in single line with a dot. How can I accomplish sending the mail? Thanks, Florian
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Am Dienstag, 19. August 2003 00:02 schrieb Amodiovalerio Verde:
You simply cannot use a destination like that one.
Remember that syslog-ng never stop feeding destinations, so there is never an EOF...
What you can do is a script or a little program that read it's stdin and without waiting for an EOF, do something.
I use some C program I've written to read stdin using a fgets() that return after # bytes or after an EOL.
You have to use something like that using language you like.
But never expect syslog-ng to close your destination stdin, cause it's not its behaviour.
Could you send this program to me? Wouldn't it be better to return after a linebreak? Thx, Florian
Am Dienstag, 19. August 2003 00:20 schrieb Florian Lindner:
Am Dienstag, 19. August 2003 00:02 schrieb Amodiovalerio Verde:
You simply cannot use a destination like that one.
Remember that syslog-ng never stop feeding destinations, so there is never an EOF...
What you can do is a script or a little program that read it's stdin and without waiting for an EOF, do something.
I use some C program I've written to read stdin using a fgets() that return after # bytes or after an EOL.
You have to use something like that using language you like.
But never expect syslog-ng to close your destination stdin, cause it's not its behaviour.
Could you send this program to me? Wouldn't it be better to return after a linebreak?
Sorry, didn't see you EOL. It would be nice if you would send me the source of this program? Thanks, Florian
On Tue, Aug 19, 2003 at 12:20:43AM +0200, Florian Lindner wrote:
Am Dienstag, 19. August 2003 00:02 schrieb Amodiovalerio Verde:
I use some C program I've written to read stdin using a fgets() that return after # bytes or after an EOL.
Could you send this program to me? Wouldn't it be better to return after a linebreak?
No need for custom C programs: http://www.campin.net/syslog-ng/faq.html#external_program or for shell use this: #!/bin/sh while read line; do echo $line | /usr/bin/mail -s "log alert" pager@example.dom done -- Nate "Classic: A book which people praise and don't read." - Following the Equator, Pudd'nhead Wilson's New Calendar - Samuel Clemens
Well, with that script you will receive a mail for each line in stdin...that's a pain... if you write a custum script you could manage things better....like sending a mail with an alert and the number of times it repeated... I don't like to have my mailbox filled with the same message.... I'll post something in here as soon as I came back in office ( september )... I'm on holiday now. Amodiovalerio Verde ----- Original Message ----- From: "nate" <nate@campin.net> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, August 19, 2003 12:30 AM Subject: Re: [syslog-ng]Sending mail to root?
On Tue, Aug 19, 2003 at 12:20:43AM +0200, Florian Lindner wrote:
Am Dienstag, 19. August 2003 00:02 schrieb Amodiovalerio Verde:
I use some C program I've written to read stdin using a fgets() that
return
after # bytes or after an EOL.
Could you send this program to me? Wouldn't it be better to return after a linebreak?
No need for custom C programs:
http://www.campin.net/syslog-ng/faq.html#external_program
or for shell use this:
#!/bin/sh while read line; do echo $line | /usr/bin/mail -s "log alert" pager@example.dom done
-- Nate
"Classic: A book which people praise and don't read." - Following the Equator, Pudd'nhead Wilson's New Calendar - Samuel Clemens
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Tue, Aug 19, 2003 at 01:08:44AM +0200, Amodiovalerio Verde wrote:
Well, with that script you will receive a mail for each line in stdin...that's a pain...
You use syslog-ng's filtering to decide what to send to the script. It is an enourmous waste of time to make a script do filtering when syslog-ng already does that. If all you want is throtting, use swatch or a shell script like I documented at: http://www.campin.net/newlogcheck.html -- Nate "My suggestion for an Official Usenet Motto: 'If you have nothing to say, then come on in, this is the place for you, tell us all about it!'" - Fosseng, Hevard [quotation collector]
Am Dienstag, 19. August 2003 00:30 schrieb nate:
On Tue, Aug 19, 2003 at 12:20:43AM +0200, Florian Lindner wrote:
Am Dienstag, 19. August 2003 00:02 schrieb Amodiovalerio Verde:
I use some C program I've written to read stdin using a fgets() that return after # bytes or after an EOL.
Could you send this program to me? Wouldn't it be better to return after a linebreak?
No need for custom C programs:
http://www.campin.net/syslog-ng/faq.html#external_program
or for shell use this:
#!/bin/sh while read line; do echo $line | /usr/bin/mail -s "log alert" pager@example.dom done
Thanks, it works so far. I get Email like that: <17>Aug 19 14:31:43 s_sys@bastet root: foo! What dies the <17> means? (The message was generated by logger with mail.alert) Thanks, Florian
That's the priority code ie the combination as defined by RFC3164 of severity and facility... Every facility and severity have a numeric value starting from 0. The priority code is calculated as : Facility * 8 + Severity... So 17 is Facility = 2 (mail) and Severity = 1 (alert) You can look here for all codes : http://www.faqs.org/rfcs/rfc3164.html Amodiovalerio Verde ----- Original Message ----- From: "Florian Lindner" <mailinglists@xgm.de> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, August 19, 2003 2:33 PM Subject: Re: [syslog-ng]Sending mail to root?
Thanks, it works so far. I get Email like that:
<17>Aug 19 14:31:43 s_sys@bastet root: foo!
What dies the <17> means?
(The message was generated by logger with mail.alert)
Thanks, Florian
Am Dienstag, 19. August 2003 15:22 schrieb Amodiovalerio Verde:
That's the priority code ie the combination as defined by RFC3164 of severity and facility...
Every facility and severity have a numeric value starting from 0.
The priority code is calculated as : Facility * 8 + Severity...
So 17 is Facility = 2 (mail) and Severity = 1 (alert)
You can look here for all codes : http://www.faqs.org/rfcs/rfc3164.html
Ok, thanks. Can I use the filename expansion macros described in http://www.balabit.com/products/syslog_ng/reference/x354.html in the program function? So I can give the mail a subject which contains facility und severity. Thx, Florian
----- Original Message ----- From: "Florian Lindner" <mailinglists@xgm.de> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, August 19, 2003 2:33 PM Subject: Re: [syslog-ng]Sending mail to root?
Thanks, it works so far. I get Email like that:
<17>Aug 19 14:31:43 s_sys@bastet root: foo!
What dies the <17> means?
(The message was generated by logger with mail.alert)
Thanks, Florian
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere... that's why i suggested writing a mini-parser...that way you could format things better... btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6... Amodiovalerio Verde ----- Original Message ----- From: "Florian Lindner" <mailinglists@xgm.de> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, August 19, 2003 4:08 PM Subject: Re: [syslog-ng]Sending mail to root?
Am Dienstag, 19. August 2003 15:22 schrieb Amodiovalerio Verde:
That's the priority code ie the combination as defined by RFC3164 of severity and facility...
Every facility and severity have a numeric value starting from 0.
The priority code is calculated as : Facility * 8 + Severity...
So 17 is Facility = 2 (mail) and Severity = 1 (alert)
You can look here for all codes : http://www.faqs.org/rfcs/rfc3164.html
Ok, thanks.
Can I use the filename expansion macros described in http://www.balabit.com/products/syslog_ng/reference/x354.html in the program function? So I can give the mail a subject which contains facility und severity. Thx, Florian
----- Original Message ----- From: "Florian Lindner" <mailinglists@xgm.de> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, August 19, 2003 2:33 PM Subject: Re: [syslog-ng]Sending mail to root?
Thanks, it works so far. I get Email like that:
<17>Aug 19 14:31:43 s_sys@bastet root: foo!
What dies the <17> means?
(The message was generated by logger with mail.alert)
Thanks, Florian
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Tuesday 19 August 2003 17:25, Amodiovalerio Verde wrote:
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere...
that's why i suggested writing a mini-parser...that way you could format things better...
btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6...
It is! In version 1.6rc{1,2,3} you can use templates for all destinations types. Achim
Am Dienstag, 19. August 2003 22:22 schrieb Achim Gsell:
On Tuesday 19 August 2003 17:25, Amodiovalerio Verde wrote:
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere...
that's why i suggested writing a mini-parser...that way you could format things better...
btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6...
It is! In version 1.6rc{1,2,3} you can use templates for all destinations types.
How does it work? I've set up a destination: destination d_mailroot { program("/root/bin/sendline.sh '[syslog exception] Level: $LEVEL, Facility: $FACILITY'"); }; But mails subject is like that: "syslog exception] Level: $LEVEL, Facility: $FACILITY" The macros are not expanded. I'm using 1.6 rc3 Thanks, Florian
On Wednesday 20 August 2003 00:56, Florian Lindner wrote:
Am Dienstag, 19. August 2003 22:22 schrieb Achim Gsell:
On Tuesday 19 August 2003 17:25, Amodiovalerio Verde wrote:
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere...
that's why i suggested writing a mini-parser...that way you could format things better...
btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6...
It is! In version 1.6rc{1,2,3} you can use templates for all destinations types.
How does it work?
I've set up a destination:
destination d_mailroot { program("/root/bin/sendline.sh '[syslog exception] Level: $LEVEL, Facility: $FACILITY'"); };
But mails subject is like that: "syslog exception] Level: $LEVEL, Facility: $FACILITY" The macros are not expanded. I'm using 1.6 rc3
Try something like the definition below and read the manual! destination d_mailroot { program("/root/bin/sendline.sh" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") template_escape(no) ); }; Achim
Am Mittwoch, 20. August 2003 21:40 schrieb Achim Gsell:
On Wednesday 20 August 2003 00:56, Florian Lindner wrote:
Am Dienstag, 19. August 2003 22:22 schrieb Achim Gsell:
On Tuesday 19 August 2003 17:25, Amodiovalerio Verde wrote:
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere...
that's why i suggested writing a mini-parser...that way you could format things better...
btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6...
It is! In version 1.6rc{1,2,3} you can use templates for all destinations types.
How does it work?
I've set up a destination:
destination d_mailroot { program("/root/bin/sendline.sh '[syslog exception] Level: $LEVEL, Facility: $FACILITY'"); };
But mails subject is like that: "syslog exception] Level: $LEVEL, Facility: $FACILITY" The macros are not expanded. I'm using 1.6 rc3
Try something like the definition below and read the manual!
destination d_mailroot { program("/root/bin/sendline.sh" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") template_escape(no) ); };
Which manual? In http://www.balabit.com/products/syslog_ng/reference/book1.html I've found nothing about templates. I really would like to understand templates. (right now I don't for example what is template_escape?) Thanks, Florian
On Thursday 21 August 2003 01:00, Florian Lindner wrote:
Which manual? In http://www.balabit.com/products/syslog_ng/reference/book1.html I've found nothing about templates.
I really would like to understand templates. (right now I don't for example what is template_escape?)
The manual is part of the source distribution (doc/sgml/syslog-ng.ps). Download it from http://www.balabit.com/downloads/syslog-ng/1.6/src/syslog-ng-1.6.0rc3.tar.gz or a mirror site. Achim
Am Mittwoch 20 August 2003 21:40 schrieb Achim Gsell:
On Wednesday 20 August 2003 00:56, Florian Lindner wrote:
Am Dienstag, 19. August 2003 22:22 schrieb Achim Gsell:
On Tuesday 19 August 2003 17:25, Amodiovalerio Verde wrote:
i don't remeber if the program template is in 1.6 but i think there is a patch somewhere...
that's why i suggested writing a mini-parser...that way you could format things better...
btw ... search for the program template patch in the mailing list or try to see if it's already with syslog-ng 1.6...
It is! In version 1.6rc{1,2,3} you can use templates for all destinations types.
How does it work?
I've set up a destination:
destination d_mailroot { program("/root/bin/sendline.sh '[syslog exception] Level: $LEVEL, Facility: $FACILITY'"); };
But mails subject is like that: "syslog exception] Level: $LEVEL, Facility: $FACILITY" The macros are not expanded. I'm using 1.6 rc3
Try something like the definition below and read the manual!
destination d_mailroot { program("/root/bin/sendline.sh" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") template_escape(no) ); };
Thanks, it works. But is also possible to use templates as the program? So that I can give $LEVEL as a parameter to sendline.sh? Thanks, Florian
On Tuesday 02 September 2003 21:18, Florian Lindner wrote:
Try something like the definition below and read the manual!
destination d_mailroot { program("/root/bin/sendline.sh" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") template_escape(no) ); };
Thanks, it works. But is also possible to use templates as the program? So that I can give $LEVEL as a parameter to sendline.sh? Thanks, Florian
No. This make no sense because the program is *not* called for every single message and it is not a good idea to exit the program after one message is processed. The program will be started once and has to read the messages from stdin. Achim
participants (4)
-
Achim Gsell
-
Amodiovalerio Verde
-
Florian Lindner
-
nate