Hello.

I have written a C program that reads the successful POP3 access log lines of my POP3 server. After getting one line, it gets the time and the POP3 account that logged in. These data are then stored in the account MySQL database.

The program (named 'pop3_access') works fine:

    echo "Apr 10 12:00:17 mail1 pop3d: LOGIN, user= xxx@domain.tld, ip=[::ffff:xxx.yyy.zzz.vvv], port=[56196]" | ./pop3_access

In fact, querying the DB, I get:

    username          pop3_last_access
    xxx@domain.tld    2018-04-10 12:00:17

I have configured syslog:

    filter f_pop3_access { facility(local7) and match ('LOGIN,'); };
    destination d_pop3_last_access { program("/usr/local/bin/pop3_access >/dev/null" ); };
    log { source(src); filter(f_pop3_access); destination(d_pop3_last_access); };

But no rows are inserted in the database.

From the log of the destination program 'pop3_access' I see that it remains in a while loop waiting for an 'EOF' that never arrives:

    while (fgets(line, MAXSTR, stdin)) {
        /* fields: month, day, time, host, process, command, user, ip, port */
        if (sscanf(line, "%s %d %s %s %s %s %s %s %s",
                   mese, &giorno, ora, s, proto, comando, u, ip, porta) != 9) {
            syslog(LOG_NOTICE, "Errore scanf");
            exit(-1);
        }
    }

What do I have to do so that my program succeeds in taking the syslog row correctly, and then returns after processing the data as expected?

Regards,
Rocco Scappatura
Hello,

A long time ago the program() destination worked as you expect, one program execution per log line. However, this is very inefficient, so it was changed to execute the program once and syslog-ng feeds its stdin - so you've got to implement a loop in your app which handles incoming messages one by one until syslog-ng exits and your app will get an EOF.

Regards,
Sandor
Hello.

Thanks for the answer Sandor Geller. Could you please show me a template program() destination that works following the logic you explained in your answer?

Regards,
Rocco
Hello.

I have found the problem that causes my destination program not to work. Indeed, I see that the log lines received by the destination program are preceded by the string '<190>'. I can't explain why this string appears, but after updating the program so that the log lines are trimmed of the leading characters, the program has worked as I expected.

Could someone explain why the string '<190>' appears?

Regards,
Rocco
Because we are using the standard syslog format when sending it to a program() destination and 190 tells the facility and severity of the message.

You can customize the output using a template() option, e.g.:

    program("/bin/foobar" template("$ISODATE $HOST $MSGHDR$MSG\n"));

But you can include any macro or name-value pair in the template, or even transform the output using template functions. The template language is a pretty powerful part of syslog-ng that allows a lot of customization on how a log message is sent to a peer.

Bazsi
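A long-running program() reader along the lines of the two replies above, as an added example that is not part of the original thread: it loops on stdin until EOF, accepts lines with or without the '<PRI>' prefix (190 = facility 23 * 8 + severity 6), bounds every sscanf conversion, and skips unparsable lines instead of exiting. The struct, the function names, the buffer sizes and the printf standing in for the MySQL update are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pop3_login {                 /* field names are this example's own */
    int facility, severity, day;    /* facility/severity: -1 if no <PRI> */
    char month[4], hms[9], host[64], user[128];
};

/* Skip an optional "<PRI>" (PRI = facility * 8 + severity); NULL if malformed. */
static const char *strip_pri(const char *line, int *facility, int *severity)
{
    char *end;
    long pri;
    *facility = *severity = -1;
    if (line[0] != '<')
        return line;                /* no prefix, e.g. a custom template() */
    pri = strtol(line + 1, &end, 10);
    if (line[1] < '0' || line[1] > '9' || *end != '>' || pri > 191)
        return NULL;                /* 191 = facility 23, severity 7 */
    *facility = (int)(pri / 8);
    *severity = (int)(pri % 8);
    return end + 1;
}

/* Parse one line with bounded conversions; 0 on success, -1 to skip it. */
static int parse_line(const char *line, struct pop3_login *rec)
{
    const char *u, *msg = strip_pri(line, &rec->facility, &rec->severity);
    char cmd[16];
    if (msg == NULL || sscanf(msg, "%3s %d %8s %63s %*s %15s", rec->month,
                              &rec->day, rec->hms, rec->host, cmd) != 5 ||
        strcmp(cmd, "LOGIN,") != 0 || (u = strstr(msg, "user=")) == NULL)
        return -1;
    return sscanf(u + 5, " %127[^, \n]", rec->user) == 1 ? 0 : -1;
}

int main(void)
{
    char line[1024];
    struct pop3_login rec;
    /* syslog-ng runs this once and keeps feeding stdin until it exits. */
    while (fgets(line, sizeof line, stdin)) {
        if (parse_line(line, &rec) != 0)
            continue;               /* skip bad lines instead of exiting */
        /* The database update would go here (left out of this example). */
        printf("%s %s %d %s\n", rec.user, rec.month, rec.day, rec.hms);
    }
    return 0;
}
```

The parser expects the traditional "Mon DD HH:MM:SS" timestamp; a template() that uses $ISODATE needs a matching format string.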
Hello.

Perfect! Problem solved using templates!

Regards,
RS
participants (3)
- Sandor Geller
- Scappatura Rocco
- Scheidler, Balázs