[syslog-ng] syslog-ng messages sent to outside prog
Nate Campi
nate@campin.net
Mon, 5 Nov 2001 15:03:15 -0800
I set up a match line to match the string "attackalert" from portsentry,
and I pipe this off to a script that mails it to me.
This works great, but I get emails with "<29>" prepended to it. Example:
<29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: Host
209.202.221.43 has been blocked via dropped route using command:
"/usr/local/sbin/iptables -I INPUT -s 209.202.221.43 -j
DROP"
I just set up sqlsyslogd to output to a mysql database from a program()
destination, and it prepends the <29> to the messages sent there as
well.
I checked out http://www.ietf.org/rfc/rfc3164.txt and it looks like this
is a priority. How can I keep this from showing up in the output? I
hacked sqlsyslogd to print the string from 4 chars into the timestamp,
so my mysql inputs are clean, but what do I do to clean up the mail?
--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79
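
An added example, not part of the original post: a stdin filter that decodes and strips the RFC 3164 PRI prefix (29 = facility 3 * 8 + severity 5, i.e. daemon.notice) so the alert text can be passed on to a mail script without it. The names `split_pri` and `main` and the short facility labels are illustrative assumptions; invalid or missing PRI values are left untouched.

```python
import re
import sys

# RFC 3164 PRI: "<" + 1-3 decimal digits + ">", value = facility * 8 + severity.
PRI_RE = re.compile(r"^<([0-9]{1,3})>")

# Short labels are conventional names (assumption); the RFC defines the numeric codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Sample line from the post above, rejoined onto one line.
SAMPLE = ('<29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: Host '
          '209.202.221.43 has been blocked via dropped route using command: '
          '"/usr/local/sbin/iptables -I INPUT -s 209.202.221.43 -j DROP"')


def split_pri(line):
    """Return (facility, severity, message) with the PRI prefix removed.

    Lines without a valid PRI (missing, or above 191) come back unchanged
    with facility and severity set to None.
    """
    m = PRI_RE.match(line)
    if m is None:
        return None, None, line
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        return None, None, line
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], line[m.end():]


def main():
    # Reads one message per line on stdin, as a piped script would receive them.
    for raw in sys.stdin:
        facility, severity, msg = split_pri(raw.rstrip("\n"))
        tag = f"[{facility}.{severity}] " if facility else ""
        sys.stdout.write(tag + msg + "\n")
        sys.stdout.flush()  # forward each alert immediately instead of buffering


if __name__ == "__main__":
    main()
```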