[syslog-ng] program destination problem (again...)

Fegan, Joe Joe.Fegan at hp.com
Thu Aug 13 11:47:53 CEST 2009 

In "ps -elf" do you see your script? Does the pid stay the same as time advances, or does it change (which would mean it's exiting and being replaced with a new instance by syslog-ng automatically). You could add a start and end marker to see if it's starting at all and if/when it's exiting. Like:

#!/bin/bash
echo "$0 started `date`" >> /tmp/debug.log
while read line ; do
echo $line >> /tmp/testlog
done
echo "$0 exited `date`" >> /tmp/debug.log



-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Alberto Sierra
Sent: 13 August 2009 07:26
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] program destination problem (again...)

hi there,

i know this is been discussed like a million times already but i'm
stuck and can't get around this.

i'm using a program destination in my syslog-ng config, like this:
destination test_log { file("/var/log/testlog"); };
destination sshd_alerts {
program("/usr/local/bin/ssh_alert_by_email.sh" template("$DATE $HOST
$PROGRAM $MSGONLY")); };

filter sshd { program("sshd"); };
filter login_accepted { match("Accepted password|Accepted publickey"); };


log {
        source(s_all);
        filter(sshd);
        filter(login_accepted);
        destination(sshd_alerts);
        destination(test_log);
};

and the script as follows:

#!/bin/bash
while read line ; do
echo $line >> /tmp/testlog
done

that's it,  it logs to the destination(test_log) but the script does nothing.

i followed a similar thread:
https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html

and the script works well interactively in the shell. I think i hit a
dead end here... btw version 2.0.9

-- 
Alberto Sierra
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list