[syslog-ng] regular expressions ...

Josef Bergmann joe@bec.at
Wed, 1 Sep 1999 02:29:20 +0200


Hi Balazs!

On 31 Aug 99, at 11:36, Balazs Scheidler wrote:

> filter f_alerts { match("(alert)|(breakin)|..."); };

Ok, thanks again. I've fiddled around a little with the filter now, and yes, 
this works fine :)

> destination d_script { program("/usr/local/sbin/alertscript"); };  
> log { source(src); filter(f_alerts); destination(d_script); };
> 
> The script is run as soon as syslog-ng starts up, and is kept running until the
> configuration is reloaded, or syslog-ng is terminated.

Is it possible to run the script only when the filter matches? I want to send a 
mail (with the log entry) when a specific event (e.g. a kernel deny filter) occurs.

For example, the log looks like this:

Aug 31 21:50:06 gate kernel: IP fw-in deny eth1 UDP 193.XXX.XXX.XXX:137
193.XXX.XXX.XXX:137 L=78 S=0x00 I=39426 F=0x0000 T=128

I want to filter this event and send a mail with the log entry if it occurs.

filter f_alert1 { match("deny"); };
destination d_script {program("/usr/local/sbin/alertscript"); };
log {source(src); filter(f_alert1); destination(d_script); };

#!/bin/sh
# alertscript
# did not work
mail -s "Alert" root $1


bye Josef
--
 BERGMANN engineering & consulting  http://bec.at/

And remember that old savvy sayin'

'Some folk tell ya everything they know, and then keep on talkin' !'
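The alertscript above, rewritten as an added example (not Josef's script and not syslog-ng's own code): the program() destination starts the program once and then writes every log entry that passes the filter to the program's standard input, one per line, so the entry never arrives in $1 and has to be read from stdin in a loop. It assumes a mailx-style "mail -s subject recipient" that reads the message body from stdin, and that the script is installed as /usr/local/sbin/alertscript as in the post.

```shell
#!/bin/sh
# Added example, not from the original post or from syslog-ng itself.
# syslog-ng's program() destination starts this script once and then writes each
# log entry that passed the filter to the script's standard input, one per line.
# "$1" is therefore always empty: the script must read stdin in a loop, and the
# loop ends on EOF when syslog-ng reloads its configuration or shuts down.
# Assumptions: a mailx-style "mail -s subject recipient" reading the body from
# stdin, and installation as /usr/local/sbin/alertscript as in the post.

MAILER="${MAILER:-mail}"          # command used to send mail (overridable for testing)
RECIPIENT="${RECIPIENT:-root}"    # who receives the alerts

# Send one mail whose body is the single log line passed as $1.
send_alert() {
    printf '%s\n' "$1" | "$MAILER" -s "Alert from syslog-ng" "$RECIPIENT"
}

# Read log entries from stdin until the pipe closes; one mail per non-empty line.
# Prints the number of mails sent so a caller (or a test) can check it.
alert_loop() {
    sent=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue          # ignore blank lines
        if send_alert "$line"; then
            sent=$((sent + 1))
        fi
    done
    echo "$sent"
}

# Start the loop only when running as the installed alertscript; loading the
# file under another name just defines the functions.
if [ "${0##*/}" = alertscript ]; then
    alert_loop >/dev/null
fi
```

Every matching line becomes its own mail, so a burst of firewall denies becomes a burst of mail; if that matters, collect lines in the loop and send them in batches instead.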