[syslog-ng] Destination program behavior

Fegan, Joe Joe.Fegan at hp.com
Mon Oct 13 01:31:34 CEST 2008


> My script is meant to run once and exit. Could it be the problem?

Yes, absolutely. You cannot exit after each log message; that is not permitted and explains why you are getting the SIGPIPE errors. You have to run in a loop, reading and processing messages from stdin until you get an EOF. See old postings to this list. Here's a pointer to one that gives an outline bash script that you can build upon.



-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Gaetan Lord
Sent: 12 October 2008 15:25
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Destination program behavior


I am trying to define a log parser. The idea is to monitor every line for
a specific pattern and run an action command.

My config lines are
destination syslog_parser {  program("/usr/local/bin/test_syslog"); };
log { source(src); destination(syslog_parser); };

To test syslog-ng, I wrote a basic shell script, which only contains
/bin/echo "This is a test" |  /usr/bin/wall
and exit

This should issue a "wall" command on every line written in the syslog.
I tested it with the command "logger", and this does not work.

I have the following syslog-ng error when I start it.
Oct 10 13:04:00 minime1 syslog-ng[5470]: io.c: do_write: write() failed (errno 32), Broken pipe
Oct 10 13:04:00 minime1 syslog-ng[5470]: pkt_buffer::do_flush(): Error flushing data

I'm currently running version 1.6 from SLES10,  syslog-ng-1.6.8-20.18  for IA64

I read the documentation provided by the package, and saw the following

  NOTE: the program is executed once at startup, and kept running until
  SIGHUP or exit. The reason is to prevent starting up a large number of
  programs for messages, which would imply an easy DoS.

My script is meant to run once and exit. Could it be the problem?
Is there any way to achieve what I want? I'm aware of the DoS,
but in this case it's not a problem.

Thank you


Spike Milligan  - "All I ask is the chance to prove that money can't
make me happy."
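
The loop described in the reply above, as an added example that is not part of the original thread: a handler for the program() destination that stays running and reads messages from stdin until EOF. PATTERN, alert, process_stream and the sample log lines are hypothetical and constructed for this sketch; in a deployed script the last line would be a bare `process_stream`, so that it reads the pipe from syslog-ng.

```bash
#!/bin/sh
# Added example: long-running handler for a syslog-ng program() destination.
# All names below are hypothetical; the sample log lines are constructed.

PATTERN='authentication failure'   # fixed string to look for (assumption)

# Action for a matching line. The message is only ever passed as a quoted
# argument and is never evaluated, because log content is written by
# whoever can send a message to syslog.
alert() {
    # Stand-in action; for the setup in the thread this could instead be:
    #   printf '%s\n' "$1" | /usr/bin/wall
    printf 'ALERT: %s\n' "$1"
}

# Read one message per line until EOF on stdin, then return.
# The "|| [ -n ... ]" part keeps a final line that lacks a newline.
process_stream() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"$PATTERN"*) alert "$line" ;;   # quoted: literal substring match
        esac
    done
}

# Constructed sample input; the third line carries shell metacharacters to
# show that message text is treated as data only.
sample() {
    printf '%s\n' \
        'Oct 10 13:04:00 minime1 sshd[101]: authentication failure for root' \
        'Oct 10 13:04:01 minime1 cron[102]: job started' \
        'Oct 10 13:04:02 minime1 su[103]: authentication failure; $(reboot) `id`'
}

# Demonstration run. In deployment replace this line with:  process_stream
sample | process_stream
```
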