[syslog-ng]syslog-ng messages sent to outside prog

Snortball snortball@hotmail.com
Tue, 6 Nov 2001 09:25:43 -0500


Hi,

Is there any chance that I can get a copy of your mail script? I can't seem
to get one to work. Yes, I'm a newbie... but I'm trying!

Thanks,

Sb
----- Original Message -----
From: "Nate Campi" <nate@campin.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Monday, November 05, 2001 6:03 PM
Subject: [syslog-ng]syslog-ng messages sent to outside prog


> I set up a match line to match the string "attackalert" from portsentry,
> and I pipe this off to a script that mails it to me.
>
> This works great, but I get emails with "<29>" prepended to it. Example:
>
>   <29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: Host
>   209.202.221.43 has been blocked via dropped route using command:
>   "/usr/local/sbin/iptables -I INPUT -s 209.202.221.43 -j
>   DROP"
>
> I just set up sqlsyslogd to output to a mysql database from a program()
> destination, and it prepends the <29> to the messages sent there as
> well.
>
> I checked out http://www.ietf.org/rfc/rfc3164.txt and it looks like this
> is a priority. How can I keep this from showing up in the output? I
> hacked sqlsyslogd to print the string from 4 chars into the timestamp,
> so my mysql inputs are clean, but what do I do to clean up the mail?
> --
> Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79
> Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79
>
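
Added example, not part of the original thread or of syslog-ng: a stdin filter that a mail or database script fed from a program() destination could run to remove the RFC 3164 priority. It parses the `<NN>` prefix instead of skipping a fixed number of characters, so one- and three-digit priorities are handled as well, and it decodes the value (29 = facility 3, severity 5). The function names and the sample line are assumptions made for this example.

```python
import re
import sys

# RFC 3164 PRI: "<" + 1 to 3 decimal digits + ">"; value = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Conventional short names, indexed by the RFC 3164 numeric codes.
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
    "local6 local7"
).split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def split_pri(line):
    """Return (facility, severity, message) with the PRI removed.

    Lines without a valid PRI come back unchanged as (None, None, line).
    """
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None, None, line
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], line[m.end():]


def main():
    # Filter mode: read messages on stdin, write them without the PRI.
    for raw in sys.stdin:
        _, _, msg = split_pri(raw.rstrip("\n"))
        print(msg)


# Constructed sample line (documentation IP address), modelled on the thread.
SAMPLE = "<29>Nov  5 12:46:37 host1 portsentry[121]: attackalert: Host 192.0.2.10 has been blocked"

if __name__ == "__main__":
    main()
```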