[syslog-ng] swatch in syslog-ng

R. V. C. rvc_pobox at yahoo.com
Wed Mar 7 17:55:01 CET 2007


List,

I am trying  (in vain) to get swatch to work with
syslog-ng.
Here is a list of my system specifics:
Freebsd 6.2
syslog-ng-1.6.11
swatch-3.1.1_1
stunnel-4.20
mysql-client-5.1.14
mysql-server-5.1.14

Ok so here is the problem. I can get swatch to read a
file via the
tail-file option:
destination swatch { program("/usr/local/bin/swatch
--config-file=/root/.swatchrc
--tail-file=/var/log/all.log"); };

This works fine.

However when I try to use the read-pipe option,
nothing ever comes out:
destination swatch {
program("/usr/local/bin/swatch --read-pipe=\"cat
/dev/fd/0\"");
};

I even tried using my mysql.pipe and creating a fifo
pipe (swatch.pipe)
just for swatch:
destination swatch.pipe { pipe("/var/log/swatch.pipe"
template("$FULLDATE
$HOST $FACILITY:$PRIORITY $MSG\n")); };
destination swatch { program("/usr/local/bin/swatch
--config-file=/root/.swatchrc
--tail-file=/var/log/swatch.pipe"); };

No dice. My log statement is the same for all of them:
log { source(logserver); filter(f_no_stats);
destination(swatch); };

with logserver being:

source logserver {
        tcp(ip(127.0.0.1) port(5141) keep-alive(yes)
max_connections(100));
};

Which runs over stunnel.

Everything else works fine, whether dumping to mysql or to a
flat file. I tried
putting all the destinations on one line, and then
separating them out;
still no dice. From what I've read on the web, this is
pretty easy to
set up. Can anyone tell me what I am doing wrong?
Thanks in advance.

I am including a copy of my syslog-ng.conf file:

#
# FreeBSD /etc/syslog.conf file.
#

#
# options
#
# Global settings applied to every source and destination below.
# NOTE(review): keep_hostname(yes) keeps the host name carried inside each
# received message rather than replacing it with the sender's address, so
# $HOST is whatever the sender wrote. Further down, $HOST is expanded into
# the archive file path and into the SQL text sent to the mysql pipe.
options {
        long_hostnames(off);
        keep_hostname(yes);
        # Two bad_hostname() patterns are given; presumably only one of them
        # is effective -- confirm which against the syslog-ng 1.6 manual.
        bad_hostname("gconfd");
        bad_hostname("^(ctld.|cmd|tmd|last)$");
        log_fifo_size(4096);
        use_dns(yes);
        dns_cache(yes);
        time_reopen(10);
        # Interval in seconds between syslog-ng's own "STATS" messages; the
        # f_no_stats filter below exists to drop those lines.
        stats(3600);
        sync(0);
};

#
# sources
#
# Local inputs: the two syslog sockets, syslog-ng's internal messages and the
# kernel log device. The udp() and tcp() listeners are commented out here.
# (The "max_connections(100));" line is the mail-wrapped tail of the
# commented-out #tcp( line above it; in the real file it presumably sits on
# the same commented line.)
source localhost {
        unix-dgram("/var/run/log");
        unix-dgram("/var/run/logpriv" perm(0600));
        #udp();
        #tcp(ip(127.0.0.1) port(5141) keep-alive(yes)
max_connections(100));
        internal();
        file("/dev/klog");
};

# Network input, bound to the loopback address only; the message says remote
# hosts reach it through stunnel.
# NOTE(review): syslog-ng itself sees every connection as coming from
# 127.0.0.1, so which remote hosts may log here is decided entirely by the
# stunnel configuration (not shown) -- check that it verifies client
# certificates. Any local process can also connect to this port and submit
# messages with a host name of its choosing.
source logserver {
        tcp(ip(127.0.0.1) port(5141) keep-alive(yes)
max_connections(100));
};

#
# destinations
#
# Stock destinations mirroring the FreeBSD syslog.conf targets: plain files,
# the console device, and the terminals of logged-in users.
# NOTE(review): unlike the archive destination further down, none of these
# file() entries sets owner() or perm(), so the file mode comes from
# syslog-ng's defaults -- confirm that auth.log and security are not
# world-readable.
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };
destination authlog { file("/var/log/auth.log"); };
destination maillog { file("/var/log/maillog"); };
destination lpd-errs { file("/var/log/lpd-errs"); };
destination xferlog { file("/var/log/xferlog"); };
destination cron { file("/var/log/cron"); };
destination debuglog { file("/var/log/debug.log"); };
destination consolelog { file("/var/log/console.log");
};
destination all { file("/var/log/all.log"); };
destination newscrit {
file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err");
};
destination newsnotice {
file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };

# Custom destinations
# Writes one SQL INSERT statement per message to a FIFO; presumably a mysql
# client reads the other end (the reader is not shown in this message).
# NOTE(review): the statement is assembled as text from message fields
# ($HOST, $PROGRAM, $MSG, ...) that the sender controls, so
# template-escape(yes) is the only thing keeping a quote in a log message
# from ending the string literal. Keep it enabled, confirm which characters
# this syslog-ng version escapes (backslash in particular), and give the
# database account behind the pipe INSERT rights on the logs table only.
destination mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs (host, facility, priority,
level, tag,
datetime, program, msg) VALUES ( '$HOST', '$FACILITY'
, '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY
$HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n")
template-escape(yes));
};

# Per-host, per-day, per-facility archive files, root-owned with mode 0600
# and 0700 directories that are created on demand.
# (The path is split after ".$" by mail wrapping; the macro is $YEAR.)
# NOTE(review): $HOST becomes a directory name and part of the file name.
# With keep_hostname(yes) in the options block that value is taken from the
# message itself, and create_dirs(yes) creates whatever directory results.
# Verify how this syslog-ng version treats "/" or ".." inside an expanded
# macro, or restrict the host names that are accepted before they reach this
# destination.
destination archive {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/$FACILITY/$HOST-$FACILITY.$
YEAR$MONTH$DAY"
owner(root) group(root) perm(0600) dir_perm(0700)
create_dirs(yes));
};

# Runs swatch as a child of syslog-ng and feeds it the routed messages on
# standard input; swatch is told to read them via "cat /dev/fd/0".
# NOTE(review): unlike the --tail-file variants quoted in this message, this
# command line passes no --config-file, so swatch falls back to its default
# rules file; whether that resolves to /root/.swatchrc depends on the
# environment syslog-ng gives the child -- worth checking.
# The child presumably inherits syslog-ng's privileges (root, if syslog-ng
# runs as root) while processing lines that arrive from the network source.
destination swatch {
program("/usr/local/bin/swatch --read-pipe=\"cat
/dev/fd/0\"");
};

#destination swatch { program("/usr/local/bin/swatch
--config-file=\"/root/.swatchrc\"
--read-pipe=\"/bin/cat /dev/fd/0
\""); };
#destination swatch.pipe { pipe("/var/log/swatch.pipe"
template("$FULLDATE
$HOST $FACILITY:$PRIORITY $MSG\n")); };
#destination swatch { program("/usr/local/bin/swatch
--config-file=/root/.swatchrc
--tail-file=/var/log/all.log"); };
#destination sec { program("/usr/local/bin/sec
-input=\"-\"
-conf=/usr/local/etc/sec/general.sec"); };

#
# log facility filters
#
# One filter per syslog facility; each matches messages of that facility
# only (f_not_authpriv is the negation of f_authpriv).
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_not_authpriv { not facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };

#
# log level filters
#
# level(a..b) matches a range of severities, so f_err means "err or more
# severe"; f_emerg and f_is_debug each match a single level.
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
filter f_is_debug { level(debug); };

#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };

#
# custom filters
#
# NOTE(review): intended to drop syslog-ng's periodic "STATS: dropped 0"
# line, but match() tests message text, so any message containing that
# string is dropped too. The log statements that use this filter read from
# the network source, so a sender that includes the string keeps its message
# out of mysql, the archive and swatch. Narrow the filter, for example by
# also requiring the syslog-ng program name.
filter f_no_stats { not match("STATS: dropped 0"); };

#
# *.err;kern.warning;auth.notice;mail.crit            
 /dev/console
#
# Console rules, one log statement per selector in the syslog.conf line
# quoted above. Where a statement references two filters, both must match
# (facility AND minimum level).
log { source(localhost); filter(f_err);
destination(console); };
log { source(localhost); filter(f_kern);
filter(f_warning);
destination(console); };
log { source(localhost); filter(f_auth);
filter(f_notice);
destination(console); };
log { source(localhost); filter(f_mail);
filter(f_crit);
destination(console); };

#
#
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
#
log { source(localhost); filter(f_notice);
filter(f_not_authpriv);
destination(messages); };
log { source(localhost); filter(f_kern);
filter(f_debug);
destination(messages); };
log { source(localhost); filter(f_lpr);
filter(f_info);
destination(messages); };
log { source(localhost); filter(f_mail);
filter(f_crit);
destination(messages); };
log { source(localhost); filter(f_news);
filter(f_err);
destination(messages); };

#
# security.*                                          
 /var/log/security
#
log { source(localhost); filter(f_security);
destination(security); };

#
# auth.info;authpriv.info                             
 /var/log/auth.log
log { source(localhost); filter(f_auth);
filter(f_info);
destination(authlog); };
log { source(localhost); filter(f_authpriv);
filter(f_info);
destination(authlog); };

#
# mail.info                                           
 /var/log/maillog
#
log { source(localhost); filter(f_mail);
filter(f_info);
destination(maillog); };

#
# lpr.info                                            
 /var/log/lpd-errs
#
log { source(localhost); filter(f_lpr);
filter(f_info);
destination(lpd-errs); };

#
# ftp.info                                            
 /var/log/xferlog
#
log { source(localhost); filter(f_ftp);
filter(f_info);
destination(xferlog); };

#
# cron.*                                              
 /var/log/cron
#
log { source(localhost); filter(f_cron);
destination(cron); };

#
# *.=debug                                            
 /var/log/debug.log
#
log { source(localhost); filter(f_is_debug);
destination(debuglog); };

#
# *.emerg                                             
 *
#
# Emergency-level messages from the local sources are written to the
# terminal of every logged-in user (usertty("*")). Only source(localhost)
# feeds this rule; messages from the network source never reach it.
log { source(localhost); filter(f_emerg);
destination(allusers); };

#
# uncomment this to log all writes to /dev/console to
/var/log/console.log
# console.info
/var/log/console.log
#
log { source(localhost); filter(f_console);
filter(f_info);
destination(consolelog); };

#
# Log to mysql and the archive directory
#
# Everything from the network source that passes f_no_stats is stored twice
# (mysql pipe and per-host archive) and, in the second statement, also
# handed to the swatch program destination.
# NOTE(review): f_no_stats is the only filter on this path, so swatch and
# the SQL template see every other remote message unmodified. A message
# containing the text that f_no_stats matches on skips all three
# destinations.
log { source(logserver); filter(f_no_stats);
destination(mysql);
destination(archive); };

#
# Swatch
#
#log { source(logserver); filter(f_no_stats);
destination(all); };
log { source(logserver); filter(f_no_stats);
destination(swatch); };

#
# Local server
#
# The log server's own messages go to the same archive tree and mysql pipe
# as the remote ones; they are not routed to swatch.
log { source(localhost); filter(f_no_stats);
destination(archive);
destination(mysql); };

#
# DEBUG                                               
                 
#
#log { source(localhost); destination(all); };


And a copy of my .swatchrc

# One rule: any line matching /fail/ is mailed, echoed and passed to a
# command. (The mail= address was moved onto its own line by mail wrapping.)
# NOTE(review): swatch's exec action substitutes $0 with the whole matched
# log line before the command runs, and the command contains a pipe, so it
# is presumably run through a shell. The lines come from the network source
# and swatch is started by syslog-ng, so message text ends up on a shell
# command line. Unless this swatch version escapes it (verify), drop the
# exec line; the mail action already sends the match.
# The second $0 also puts the log line where mail expects a recipient.
watchfor  /fail/
       
mail=robert.coward.ctr at deploymenthealth.osd.mil
        echo
        exec echo $0 | mail -s\"notice\" $0



R. V. C.

R. V. C.

