[syslog-ng] regular expressions ...

Balazs Scheidler bazsi@balabit.hu
Tue, 31 Aug 1999 11:36:14 +0200


> I made some fine Deb packages from libol 0.2.3 and syslog-ng 1.1.31 and 
> installed them on a Debian 2.1 system. Everything works/logs nicely :-)

Great. In the meanwhile I've released 1.1.32 and libol 0.2.5, you may want
to grab those as well.

> Now I want to enable the "hashing feature" and filter against a file with regex
> terms, but I found no proper info in the docs. How can I configure these 
> features? (I didn't find "genh0" and "checkhash" as mentioned in the syslog-ng 
> manpage).
> 
> How can I realize a system which for example executes a script if a regex-
> target gets hit. The idea is to get a realtime logchecker which mails faults 
> to the admin ...

Hashing is not about a file with regexps in it. It is a digital fingerprint
of each log message stored along with the logfile. This way unauthorized
modification can easily be detected. However, this feature is not yet
implemented in the 1.1.xx branch, only in 1.0.x.

To do what you would like, you'll need the match filter and the new
destination called "program", like this:

filter f_alerts { match("(alert)|(breakin)|..."); };

destination d_script { program("/usr/local/sbin/alertscript"); };

log { source(src); filter(f_alerts); destination(d_script); };

The script is run as soon as syslog-ng starts up, and is kept running until
the configuration is reloaded, or syslog-ng is terminated.

-- 
Bazsi
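An added example, not part of the original mail, of what the "/usr/local/sbin/alertscript" side of the setup above can look like. Because the program destination starts the script once and keeps it running, the script has to loop over stdin (one message per line) rather than exit after the first line; it also rate-limits notifications per pattern, since a mail per matching line floods the admin during an incident. The patterns, the rate-limit window and the sample log lines are assumptions for this example, and the notifier only writes to stderr (a deployment would replace it with a mailer).

```python
#!/usr/bin/env python3
"""Example alertscript for the syslog-ng "program" destination.

syslog-ng starts this once and writes every message that passed the
match() filter to its stdin, one per line, until reload or shutdown.
All patterns, timings and sample lines below are constructed for the
example; they are not taken from syslog-ng or the original post.
"""
import re
import sys
import time
from collections import defaultdict

# Assumed patterns, mirroring the match("(alert)|(breakin)|...") filter.
# The filter has already selected the line; re-checking here tells the
# script which pattern fired so the notification can say so.
ALERT_PATTERNS = {
    "alert": re.compile(r"\balert\b", re.IGNORECASE),
    "breakin": re.compile(r"\bbreak-?in\b", re.IGNORECASE),
}

# Assumed: at most one notification per pattern per window; later hits
# inside the window are counted and reported with the next notification.
RATE_LIMIT_SECONDS = 300

# Constructed sample input, in the shape syslog-ng hands to the program.
SAMPLE_LINES = [
    "Aug 31 11:36:14 host sshd[123]: ALERT: possible breakin attempt!\n",
    "Aug 31 11:36:15 host cron[45]: (root) CMD (run-parts /etc/cron.hourly)\n",
    "Aug 31 11:36:16 host sshd[124]: ALERT: possible breakin attempt!\n",
    "Aug 31 11:43:00 host sshd[125]: ALERT: possible breakin attempt!\n",
]


def classify(line):
    """Return the names of all patterns that match the line."""
    return [name for name, rx in ALERT_PATTERNS.items() if rx.search(line)]


class Alerter:
    """Routes matching lines to notify(), rate-limited per pattern name."""

    def __init__(self, notify, window=RATE_LIMIT_SECONDS, clock=time.monotonic):
        self.notify = notify          # callable(name, line, suppressed_count)
        self.window = window
        self.clock = clock            # injectable so the logic is testable
        self.last_sent = {}           # pattern name -> time of last notification
        self.suppressed = defaultdict(int)

    def handle(self, line):
        """Process one log line; return the pattern names that were notified."""
        line = line.rstrip("\n")
        now = self.clock()
        sent = []
        for name in classify(line):
            last = self.last_sent.get(name)
            if last is not None and now - last < self.window:
                self.suppressed[name] += 1     # inside the window: count, don't send
                continue
            self.notify(name, line, self.suppressed.pop(name, 0))
            self.last_sent[name] = now
            sent.append(name)
        return sent


def notify_stderr(name, line, suppressed):
    """Placeholder notifier: a real deployment would send mail here."""
    extra = f" (+{suppressed} suppressed)" if suppressed else ""
    print(f"[{name}]{extra} {line}", file=sys.stderr, flush=True)


def process_stream(lines, notify, clock=time.monotonic):
    """Feed an iterable of lines through an Alerter; return (name, line) pairs sent."""
    alerter = Alerter(notify, clock=clock)
    delivered = []
    for line in lines:
        for name in alerter.handle(line):
            delivered.append((name, line.rstrip("\n")))
    return delivered


def run_sample():
    """Run the constructed sample with a fake clock; returns what would be sent."""
    ticks = iter([0.0, 1.0, 2.0, 400.0])   # one clock reading per line
    notifications = []
    delivered = process_stream(
        SAMPLE_LINES,
        notify=lambda n, l, s: notifications.append((n, l, s)),
        clock=lambda: next(ticks),
    )
    return {"delivered": delivered, "notifications": notifications}


if __name__ == "__main__":
    # Under syslog-ng: loop over stdin for the lifetime of the process.
    process_stream(sys.stdin, notify_stderr)
```

Because syslog-ng keeps the process alive and pipes messages in, the script must flush its output and never block on anything but stdin; if it exits, nothing is delivered until the next reload restarts it.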