[syslog-ng]program() destination

John_Delisle@ceridian.ca John_Delisle@ceridian.ca
Wed, 28 Feb 2001 16:44:56 -0600



I've updated the script; it looks like after deleting the file, syslog-ng
doesn't recreate it.  Here is the modified code.

#!/bin/bash
#
# mail_log.sh
# by John Delisle john_delisle@ceridian.ca
# Feb 28 2001
#
#
# If a file $1 exists and is not empty, it mails its contents to $2,
# and empties $1
#
#

MAILPROG="/usr/sbin/mail"
FACSEV="user.info"

if [ $# -ne 2 ]; then
        echo "Usage: $0 file_to_check email_address"
        exit 1
fi


# Arguments are quoted so that paths containing spaces or glob characters
# are passed through unchanged.
if [ ! -s "$1" ]; then
        #echo "$1 not found or size not greater than 0, exiting"
        exit 2
else
        "$MAILPROG" "$2" < "$1"
        echo "Message Sent to $2"
        logger -p "$FACSEV" "Message from $1 sent to $2"
        echo "Removing $1"
        # Truncate instead of deleting: syslog-ng does not recreate the file
        : > "$1"
fi

exit 0


John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909


                                                                                                                            
From: John_Delisle@ceridian.ca
Sent by: syslog-ng-admin@lists.balabit.hu
Date: 2001/02/28 04:27 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]program() destination
Please respond to syslog-ng






I've found a way to send the message to an email address. It's a bit of a
hack, but...  Basically you output your log to a file, and have a cron job
that watches for that file, emails its contents, and deletes it.  I'm using
it to email a pager.

1 - Configure your source line properly for the type of log you are catching
2 - Add a destination file rule
3 - Add a filter to filter for what you're looking for
4 - Add a log with above source, filter, and destination
5 - Install this script in /usr/bin or wherever
6 - Add a cron job such as the example that follows


Sample syslog-ng.conf
------------------------------------------
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (yes);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
        };

source s_sys             { unix-stream ("/dev/log"); internal(); };
source s_remote          { udp(ip(0.0.0.0) port(514)); };

destination d_powerpay   { file("/var/log/powerpay"); };
destination d_powerpay_email  { file("/var/log/powerpay_email"); };

filter f_emerg                { level(emerg); };
filter f_powerpay             { facility(local1); };

log { source(s_remote); filter(f_powerpay); destination(d_powerpay); };
log { source(s_remote); filter(f_powerpay); filter(f_emerg);
destination(d_powerpay_email); };
log { source(s_remote); filter(DEFAULT); destination(d_mesg); };
-------------------------------------


Sample cron entry
------------------------------------
5,10,15,20,25,30,35,40,45,50,55,0 * * * * /usr/bin/mail_log.sh /var/log/powerpay_email inet_admin@ceridian.ca
-----------------------------------

mail_log.sh script
-----------------------------------
#!/bin/bash
#
# mail_log.sh
# by John Delisle john_delisle@ceridian.ca
# Feb 28 2001
#
#
# If a file $1 exists, it mails its contents to $2, and deletes $1
#
#

MAILPROG="/usr/sbin/mail"

if [ $# -ne 2 ]; then
        echo "Usage: $0 file_to_check email_address"
        exit 1
fi


# Arguments are quoted so that paths containing spaces or glob characters
# are passed through unchanged.
if [ ! -e "$1" ]; then
        #echo "$1 not found, exiting"
        exit 2
else
        "$MAILPROG" "$2" < "$1"
        echo "Message Sent to $2"
        echo "Removing $1"
        # Delete the log file ($1), not the mail address ($2)
        rm "$1"
fi

exit 0
-----------------------------------




John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909



From: John_Delisle@ceridian.ca
Sent by: syslog-ng-admin@lists.balabit.hu
Date: 2001/02/28 01:59 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]program() destination
Please respond to syslog-ng









Maciek, have you had any success sending email using this method?  I'm
trying to get syslog-ng to send an email when a certain alert comes in.


John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909



From: Maciek Pasternacki <maciekp@japhy.fnord.org>
Sent by: syslog-ng-admin@lists.balabit.hu
Date: 2001/02/28 12:43 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]program() destination
Please respond to syslog-ng







Hello,

I have the following configuration on my machine:

           source logdev { unix-stream("/dev/log"); };
           destination foo { program("/home/foo/.bin/loglogs.pl"); };
           filter f_foo { not priority(debug) and not facility(mail); };
           log { source(logdev); filter(f_foo); destination(foo); };

File /home/foo/.bin/loglogs.pl is as follows:

           #!/usr/bin/perl
           open FOO, ">/tmp/loglog.log";
           while ( <STDIN> ) {
                     print FOO $_;
           }
           close FOO;

Could anybody tell why file /tmp/loglog.log stays empty no matter what I
do?

Greets,
                     --Maciek

--
__ Maciek Pasternacki <maciekp@japhy.fnord.org> [ http://japhy.fnord.org/ ]
`| _   |_\  / *CENSORED* ( full version at http://japhy.fnord.org/sig.txt )
,|{-}|}| }\/
\/   |____/
(See attached file: atty1o2p.dat)
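
A variant of the cron job in this thread that leaves the log file alone, as an added example that is not part of the original messages: it records how many bytes have already been mailed, so lines logged between the mail and the `> $1` truncation are not discarded and a failed send is retried on the next run. The function name `mail_new_bytes`, the `<log>.offset` state file and the `<state>.lock` lock file are assumptions, and the util-linux `flock` command is assumed to be installed.

```shell
#!/bin/bash
# mail_new.sh (hypothetical name): mail only what was appended to a log since
# the previous run. The log itself is never truncated or removed.

MAILPROG="${MAILPROG:-/usr/sbin/mail}"   # mailer path taken from mail_log.sh

# mail_new_bytes LOGFILE ADDRESS STATEFILE
# Exit status: 0 = new data mailed, 2 = nothing new, 1 = error or already running.
# The body runs in a subshell, so the lock on fd 9 is dropped on every exit path.
mail_new_bytes() (
    log=$1 addr=$2 state=$3 offset=0

    [ -r "$log" ] || exit 2
    exec 9>>"$state.lock"
    flock -n 9 || exit 1              # a previous cron run is still active

    if [ -s "$state" ]; then read -r offset < "$state" || true; fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac    # unusable state: start over

    size=$(( $(wc -c < "$log") ))
    # A file shorter than the saved offset was truncated or rotated.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    if [ "$size" -eq "$offset" ]; then exit 2; fi

    # Copy exactly bytes offset+1..size to a private temp file. Lines logged
    # while the mail is being sent stay in the log for the next run.
    chunk=$(mktemp) || exit 1
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" > "$chunk"

    if "$MAILPROG" "$addr" < "$chunk"; then
        echo "$size" > "$state"       # advance only after a successful send
        rc=0
    else
        rc=1                          # keep the old offset so the data is retried
    fi
    rm -f "$chunk"
    exit "$rc"
)

# Run from cron with the same two arguments as mail_log.sh.
if [ $# -eq 2 ]; then
    mail_new_bytes "$1" "$2" "$1.offset"
fi
```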


