[syslog-ng] program destination problem (again...)

Alberto Sierra albertosierra at aesetres.com
Thu Aug 13 17:44:55 CEST 2009 

0 S root     20465     1  0  80   0 -   443 -      11:26 pts/0
00:00:00 /bin/sh -c /usr/local/bin/ssh_alert_by_email.sh
0 S root     20466 20465  0  80   0 -   443 -      11:26 pts/0
00:00:00 /bin/bash /usr/local/bin/ssh_alert_by_email.sh
5 S root     20468     1  0  80   0 -   572 -      11:26 ?
00:00:00 /sbin/syslog-ng -p /var/run/syslog-ng.pid

the PID is not changing, (unless the syslog-ng is restarted of
course),  the debug.log shows the program runs until syslog-ng is
restarted as well. but it still sends nothing to the /tmp/testlog
file.



On Thu, Aug 13, 2009 at 3:47 AM, Fegan, Joe<Joe.Fegan at hp.com> wrote:
> In "ps -elf" do you see your script? Does the pid stay the same as time advances, or does it change (which would mean it's exiting and being replaced with a new instance by syslog-ng automatically). You could add a start and end marker to see if it's starting at all and if/when it's exiting. Like:
>
> #!/bin/bash
> echo "$0 started `date`" >> /tmp/debug.log
> while read line ; do
> echo $line >> /tmp/testlog
> done
> echo "$0 exited `date`" >> /tmp/debug.log
>
>
>
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Alberto Sierra
> Sent: 13 August 2009 07:26
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] program destination problem (again...)
>
> hi there,
>
> i know this is been discussed like a million times already but i'm
> stuck and can't get around this.
>
> i'm using a program destination in my syslog-ng config, like this:
> destination test_log { file("/var/log/testlog"); };
> destination sshd_alerts {
> program("/usr/local/bin/ssh_alert_by_email.sh" template("$DATE $HOST
> $PROGRAM $MSGONLY")); };
>
> filter sshd { program("sshd"); };
> filter login_accepted { match("Accepted password|Accepted publickey"); };
>
>
> log {
>        source(s_all);
>        filter(sshd);
>        filter(login_accepted);
>        destination(sshd_alerts);
>        destination(test_log);
> };
>
> and the script as follows:
>
> #!/bin/bash
> while read line ; do
> echo $line >> /tmp/testlog
> done
>
> that's it,  it logs to the destination(test_log) but the script does nothing.
>
> i followed a similar thread:
> https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html
>
> and the script works well interactively in the shell. I think i hit a
> dead end here... btw version 2.0.9
>
> --
> Alberto Sierra
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>



-- 
Alberto Sierra Reales [aesetres]
IT Consultant
Cel. 8319-1805

More information about the syslog-ng mailing list