[syslog-ng]syslog-ng messages sent to outside prog

Snortball snortball@hotmail.com
Tue, 6 Nov 2001 10:53:23 -0500


I'M VERY VERY SORRY! This was supposed to go to the sender, not the
list....I promise I'll stop being stupid....

----- Original Message -----
From: "Snortball" <snortball@hotmail.com>
To: <syslog-ng@lists.balabit.hu>
Sent: Tuesday, November 06, 2001 9:25 AM
Subject: Re: [syslog-ng]syslog-ng messages sent to outside prog


> Hi,
>
> Is there any chance that I can get a copy of your mail script? I can't
seem
> to get one to work. Yes, I'm a newbie.....but I'm trying!
>
> Thanks,
>
> Sb
> ----- Original Message -----
> From: "Nate Campi" <nate@campin.net>
> To: <syslog-ng@lists.balabit.hu>
> Sent: Monday, November 05, 2001 6:03 PM
> Subject: [syslog-ng]syslog-ng messages sent to outside prog
>
>
> > I setup a match line to match the string "attackalert" from portsentry,
> > and I pipe this off to a script that mails it to me.
> >
> > This works great, but I get emails with "<29>" prepended to it. Example:
> >
> >   <29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: Host
> >   209.202.221.43 has been blocked via dropped route using command:
> >   "/usr/local/sbin/iptables -I INPUT -s 209.202.221.43 -j
> >   DROP"
> >
> > I just setup sqlsyslogd to output to a mysql database from a program()
> > destination, and it prepends the <29> to the messages sent there as
> > well.
> >
> > I checked out http://www.ietf.org/rfc/rfc3164.txt and it looks like this
> > is a priority. How can I keep this from showing up in the output? I
> > hacked sqlsyslogd to print the string from 4 chars into the timestamp,
> > so my mysql inputs are clean, but what do I do to clean up the mail?
> > --
> > Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79
> > Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>