[syslog-ng]syslog-ng email alerts
Agnelo dsouza
syslog-ng@lists.balabit.hu
Sun, 4 Apr 2004 23:21:41 -0700 (PDT)
--0-363516933-1081146101=:66131
Content-Type: text/plain; charset=us-ascii
Hi,
I've configured syslog-ng for receiving alerts from remote system( /var/log/messages). I've configured 2 destinations
1. A file snort.log , i'm getting alerts in this file
2. email alerts, i'm unable to receive email alerts
I've tested the script alert_mail.sh externally and it works.(i'm able to get mails, so sendmail is working)
can someone help in solving this problem.
Regards,
Agnelo
syslog-ng.conf
==================
source sensors
{
internal();
tcp(ip(10.0.41.175) port(514) max-connections(7));
unix-stream("/dev/log");
};
destination localhost
{
file("/var/log/snort.log");
};
destination email_alert_script {program ("/usr/local/bin/alert_mail.sh"); };
log { source(sensors); destination(localhost); };
log {source(sensors); destination(email_alert_script); };
==========================
alert_mail.sh
====================
#!/bin/sh
while read line; do
echo $line |mail -s "Snort Alert" idsalert@xxxx.com
done
---------------------------------
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today
--0-363516933-1081146101=:66131
Content-Type: text/html; charset=us-ascii
<DIV>
<DIV><FONT face=Verdana size=1>Hi,</FONT></DIV>
<DIV><FONT face=Verdana size=1>I've configured syslog-ng for receiving alerts from remote system( /var/log/messages). I've configured 2 destinations </FONT></DIV>
<DIV><FONT face=Verdana size=1>1. A file snort.log , i'm getting alerts in this file</FONT></DIV>
<DIV><FONT face=Verdana size=1>2. email alerts, i'm unable to receive email alerts</FONT></DIV>
<DIV><FONT face=Verdana size=1>I've tested the script alert_mail.sh externally and it works.(i'm able to get mails, so sendmail is working)<BR>can someone help in solving this problem.</FONT></DIV>
<DIV><FONT face=Verdana size=1></FONT> </DIV>
<DIV><FONT face=Verdana size=1>Regards,</FONT></DIV>
<DIV><FONT face=Verdana size=1></FONT> </DIV>
<DIV><FONT face=Verdana size=1>Agnelo</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Verdana size=1>syslog-ng.conf<BR>==================</FONT></DIV>
<DIV><FONT face=Verdana size=1>source sensors<BR> {<BR> internal();<BR> tcp(ip(10.0.41.175) port(514) max-connections(7));<BR> unix-stream("/dev/log");<BR> };<BR>destination localhost<BR> {<BR> file("/var/log/snort.log");<BR> };<BR>destination email_alert_script {program ("/usr/local/bin/alert_mail.sh"); };<BR>log { source(sensors); destination(localhost); };<BR>log {source(sensors); destination(email_alert_script); };<BR>==========================</FONT></DIV><FONT face=Verdana size=1>
<DIV><BR>alert_mail.sh<BR>====================<BR>#!/bin/sh<BR>while read line; do<BR>echo $line |mail -s "Snort Alert" <A href="http://uk.f250.mail.yahoo.com/ym/Compose?To=idsalert@xxxx.com" target=_blank>idsalert@xxxx.com</A><BR>done</DIV></FONT></DIV><p><hr size=1><font face=arial size=-1>Do you Yahoo!?<br>
<a href="http://us.rd.yahoo.com/evt=23609/*http://promotions.yahoo.com/design_giveaway/static/index2.html">Yahoo! Small Business $15K Web Design Giveaway</a> - Enter today
--0-363516933-1081146101=:66131--