destination { program(); } failures...
I've been trying to use:

destination { program("/usr/bin/notify"); };

...and it doesn't work. No error messages. No log messages. No nothing at all.

Then I had a flash, and tried checking my hypothesis against the documentation - nothing there. Then I tried checking my hypothesis in the example *.conf files - nothing there. Then I tried it in practice:

destination { program(/usr/bin/notify); };

This works better, but only seems to work when it starts up, but not thereafter. /usr/bin/notify is a /bin/sh script.

Does this just not work in v1.4.10?? It's getting rather frustrating.

I'm running in Red Hat Linux 6.2 without all the bells and whistles (like X). I'd *REALLY* like to get this to work - it's one of the big draws to syslog-ng for me.
> destination { program(/usr/bin/notify); };
> This works better, but only seems to work when it starts up, but not thereafter. /usr/bin/notify is a /bin/sh script.
> Does this just not work in v1.4.10?? It's getting rather frustrating.
> I'm running in Red Hat Linux 6.2 without all the bells and whistles (like X). I'd *REALLY* like to get this to work - it's one of the big draws to syslog-ng for me.
I would guess that the shell script should look like this:

--cut--
#!/bin/sh
while read line ; do
    # stuff to do, presumably pager, or email or some such.
done
--cut--

Syslog-ng (IIRC), will open up a pipe to the script/program in question, and feed it stuff on STDIN. I don't think it re-executes the program with each message. I may be totally wrong, your mileage may vary, etc.

Cheers!
--
A.L.Lambert
------------------------------------------------------------------------
The problems that exist in the world today cannot be solved by the level of thinking that created them... -Einstein
------------------------------------------------------------------------
"A.L.Lambert" wrote:
> > destination { program(/usr/bin/notify); };
> > This works better, but only seems to work when it starts up, but not thereafter. /usr/bin/notify is a /bin/sh script.
> > Does this just not work in v1.4.10?? It's getting rather frustrating.
> > I'm running in Red Hat Linux 6.2 without all the bells and whistles (like X). I'd *REALLY* like to get this to work - it's one of the big draws to syslog-ng for me.
> I would guess that the shell script should look like this:
> --cut--
> #!/bin/sh
> while read line ; do
>     # stuff to do, presumably pager, or email or some such.
> done
> --cut--
> Syslog-ng (IIRC), will open up a pipe to the script/program in question, and feed it stuff on STDIN. I don't think it re-executes the program with each message. I may be totally wrong, your mileage may vary, etc. Cheers!
The script is this:

#!/bin/sh
# notify: send a page via email

PAGER=${PAGER:-<mypagebyemail>}

if [ $# -gt 0 ] ; then
   /bin/mail $PAGER <<!*
$(echo $@)
!*
else
   while read LINE ; do
      /bin/mail $PAGER
   done
fi

...this doesn't work reliably from syslog-ng 1.4.10 ...

PS: Now if I could just hit "Reply" to answer back to the list.....
On Tue, Jun 05, 2001 at 11:01:05AM -0500, David Douthitt wrote:
> I've been trying to use:
> destination { program("/usr/bin/notify"); };
> ...and it doesn't work. No error messages. No log messages. No nothing at all.
> Then I had a flash, and tried checking my hypothesis against the documentation - nothing there. Then I tried checking my hypothesis in the example *.conf files - nothing there. Then I tried it in practice:
> destination { program(/usr/bin/notify); };
> This works better, but only seems to work when it starts up, but not thereafter. /usr/bin/notify is a /bin/sh script.
> Does this just not work in v1.4.10?? It's getting rather frustrating.
> I'm running in Red Hat Linux 6.2 without all the bells and whistles (like X). I'd *REALLY* like to get this to work - it's one of the big draws to syslog-ng for me.
the line you quoted above is syntactically incorrect. I assume it's only a cut&paste problem, it should be something like:

destination d_pager { program("/usr/bin/notify"); };

syslog-ng runs the program once, then feeds each line to its stdin. Upon reloading syslog-ng the program gets a SIGTERM signal.

Apart from that the program destination should work well. I've just tried and it did work.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Balazs Scheidler on Wed, Jun 06, 2001 at 01:06:01PM +0200:
> syslog-ng runs the program once, then feeds each line to its stdin. Upon reloading syslog-ng the program gets a SIGTERM signal.
> Apart from that the program destination should work well. I've just tried and it did work.
actually, I think apart from not being clearly documented, program() works well :)

I have been using it with a script that triggers notifications every X messages and/or every X seconds. This can be done really easy by spawning a subshell, storing its PID, and using a sleep timer in the parent. The child reads STDIN and watches the message threshold.

I think what most people think program() is for, is spawning their script for every message, which is obviously not a good thing to do :)

Greetings,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
Gregor Binder wrote:
> actually, I think apart from not being clearly documented, program() works well :)
I'll change that if someone doesn't fend me off :-)
> I have been using it with a script that triggers notifications every X messages and/or every X seconds. This can be done really easy by spawning a subshell, storing its PID, and using a sleep timer in the parent. The child reads STDIN and watches the message threshold.
> I think what most people think program() is for, is spawning their script for every message, which is obviously not a good thing to do :)
Well, that would be the OBVIOUS thing to do - though from a system standpoint, that would likely lead to some serious performance degradation. The idea of continually "feeding message after message" makes more sense, but has to be programmed for, and isn't the first thing thought of.

I also noticed that the messages thus sent still have their syslog-based "<99>message" format; is there - could there be - an option to strip the "<XX>" from the message? My program which is responding is a generic program so I don't want to put it in there - it responds to things other than syslog messages.
David Douthitt on Wed, Jun 06, 2001 at 09:21:18AM -0500:
Hi,
> > I think what most people think program() is for, is spawning their script for every message, which is obviously not a good thing to do :)
> Well, that would be the OBVIOUS thing to do - though from a system standpoint, that would likely lead to some serious performance degradation. The idea of continually "feeding message after message" makes more sense, but has to be programmed for, and isn't the first thing thought of.
well, it's not only performance, it's some very serious potential for a DoS condition (exhaustion of process table, RAM, etc.) of both your computer and possibly your cellphone, pager, emailbox, or whatever is receiving those notifications. You will need to define and check thresholds somewhere, and it's sort of tough to keep state across program calls (would have to be file-based or something ugly like that).
> I also noticed that the messages thus sent still have their syslog-based "<99>message" format; is there - could there be - an option to strip the "<XX>" from the message? My program which is responding is a generic program so I don't want to put it in there - it responds to things other than syslog messages.
Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog" an option?

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
Gregor Binder wrote:
> Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog" an option?
You can do that? I see that the program() destination is an execl() call - I didn't think a pipe would work there.

Also, I noticed that items run via program() run as root - at least when syslog-ng is run as root. Is it possible to have syslog-ng drop privileges? In fact, is it possible to have syslog-ng drop its own privileges as soon as possible and run as a normal user? Perhaps as nobody?
David Douthitt on Wed, Jun 06, 2001 at 10:25:52AM -0500:
David,
> > Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog" an option?
> You can do that? I see that the program() destination is an execl() call - I didn't think a pipe would work there.
hmm .. I guess you're right .. so you'd have to use a wrapper script to do that for you.
> Also, I noticed that items run via program() run as root - at least when syslog-ng is run as root. Is it possible to have syslog-ng drop privileges? In fact, is it possible to have syslog-ng drop its own privileges as soon as possible and run as a normal user? Perhaps as nobody?
For program destinations, you could use "su -c your_program".

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
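
An added example, not part of any message in this thread: a relay script for a program() destination that reads messages from stdin in one long-running loop, strips the "<NN>" priority tag, and caps notifications per time window so a burst of log lines cannot flood the pager. NOTIFY_CMD, MAX_PER_WINDOW, WINDOW_SECS and the install name "notify-relay" are assumptions of this sketch, not syslog-ng options.

```sh
#!/bin/sh
# Added example: relay for a program() destination. NOTIFY_CMD, MAX_PER_WINDOW,
# WINDOW_SECS and the install name "notify-relay" are assumptions of this sketch.
NOTIFY_CMD=${NOTIFY_CMD:-/usr/bin/notify}  # generic notifier; text passed as argument
MAX_PER_WINDOW=${MAX_PER_WINDOW:-5}        # notifications allowed per window
WINDOW_SECS=${WINDOW_SECS:-60}

# Drop a leading "<NN>" priority tag; lines without one pass through unchanged.
strip_pri() {
    printf '%s\n' "$1" | sed -e 's/^<[0-9][0-9]*>//'
}

# Read messages from stdin until EOF. State (window start, counters) lives in
# this one long-running process, so no file is needed to track the threshold.
relay() {
    window_start=$(date +%s)   # %s is widely supported, though not in POSIX
    sent=0
    dropped=0
    while IFS= read -r line; do
        now=$(date +%s)
        if [ $((now - window_start)) -ge "$WINDOW_SECS" ]; then
            window_start=$now
            sent=0
        fi
        if [ "$sent" -lt "$MAX_PER_WINDOW" ]; then
            # </dev/null: the child must not read from the pipe the loop is reading
            "$NOTIFY_CMD" "$(strip_pri "$line")" </dev/null
            sent=$((sent + 1))
        else
            dropped=$((dropped + 1))
        fi
    done
    echo "dropped=$dropped"
}

# Start the loop only under the assumed install name, so the functions can be
# sourced and exercised without blocking on stdin.
case ${0##*/} in
    notify-relay) relay >&2 ;;
esac
```
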
How about not even using program(), instead sending it to a destination that is a fifo (named pipe) and a program that listens to your fifo.

This would at least save the overhead of loading the program called by program() every time a log is sent that way.

Security wise, I guess you could make your program/script run as a different user.

I'm pretty sure this would work, correct me otherwise.

Cheers,
John
> > > Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog" an option?
> > You can do that? I see that the program() destination is an execl() call - I didn't think a pipe would work there.
> hmm .. I guess you're right .. so you'd have to use a wrapper script to do that for you.
> > Also, I noticed that items run via program() run as root - at least when syslog-ng is run as root. Is it possible to have syslog-ng drop privileges? In fact, is it possible to have syslog-ng drop its own privileges as soon as possible and run as a normal user? Perhaps as nobody?
> For program destinations, you could use "su -c your_program".
John I on Wed, Jun 06, 2001 at 06:04:17PM +0100:
John,
> How about not even using program(), instead sending it to a destination that is a fifo (named pipe) and a program that listens to your fifo.
you're absolutely right, but this has some drawbacks. First, you'll have to make sure your program is running as well (one more thing to worry about), and you'll have to configure the filename in two places vs. just using STDIN in your script. That would probably be manageable though :)
> This would at least save the overhead of loading the program called by program() every time a log is sent that way.
Well, this overhead doesn't exist (see further up in this thread) because program is only started once. And it is terminated when syslog-ng terminates.

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
David Douthitt <ssrat@mailbag.com> writes:
> Also, I noticed that items run via program() run as root - at least when syslog-ng is run as root. Is it possible to have syslog-ng drop privileges? In fact, is it possible to have syslog-ng drop its own privileges as soon as possible and run as a normal user? Perhaps as nobody?
I made a patch for the latter, it's included in a modified form in current releases. You are not doing your studies :)

--
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software,  | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks.  | so beautifully.
Balazs Scheidler wrote:
> the line you quoted above is syntactically incorrect. I assume it's only a cut&paste problem, it should be something like:
> destination d_pager { program("/usr/bin/notify"); };
Da. I forgot that part - I called it "pager" ...
> syslog-ng runs the program once, then feeds each line to its stdin. Upon reloading syslog-ng the program gets a SIGTERM signal.
That's useful to know. The shell script uses a:

while read LINE ; do
   ...
done

...loop to read input
> Apart from that the program destination should work well. I've just tried and it did work.
Does it work with shell scripts? With pdksh?
participants (6)
- A.L.Lambert
- Balazs Scheidler
- David Douthitt
- Gregor Binder
- John I
- Tommi Virtanen