[syslog-ng] Email Alerts from Syslog-ng
Stuart Burgis
stuart.burgis at businessfcl.com
Wed Feb 8 05:43:14 CET 2006
I am a fairly new to all this so please excuse me.
I am having lots of problems getting syslog-ng to send email alerts based upon certain text based filters. I am running RedHat 9.0 with syslog-ng-1.6.2-1 installed from the rpm, I have configured the syslog-ng.conf file correctly to enable filtering with a match statement for a specific IP address in the logs and this works when using ‘destination file { file("/etc/syslog-ng/test.log"); };’ but when I point this to the perl script that I have got off of this URL HYPERLINK "http://www.campin.net/newlogcheck.html"http://www.campin.net/newlogcheck.html I get nothing. Please see below the destination statement and perl script that I have created with executable permissions.
Syslog-ng.conf
destination email { program("/etc/syslog-ng/mail.pl"); };
filter f_test {
match(192.168.1.1);
};
log {
source(src);
filter(f_test);
destination(email);
};
Mail.pl
#!/usr/bin/perl -n
#
## shell version
#
# while read line; do
# echo $line | /bin/mail -s "log alert" support at businessfcl.com
# done
# strip the priority
s/^<[\d]{1,2}>//;
# mail the cleaned up message
system("echo \"$_\" | /bin/mail -s \"log alert\" monitor");
Every time I restart the syslog-ng service I get a mail to the monitor user which would indicate that the perl script sends mail and that syslog-ng runs it during startup but it does not appear to work when the filter is applied. Can any one help with this please?
Regards
Stuart Burgis
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.2/252 - Release Date: 06/02/2006
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060208/be6c2836/attachment.htm
More information about the syslog-ng
mailing list