[syslog-ng] program destination problem (again...)

Balazs Scheidler bazsi at balabit.hu
Tue Aug 18 19:56:06 CEST 2009


On Thu, 2009-08-13 at 00:26 -0600, Alberto Sierra wrote:
> hi there,
> 
> I know this has been discussed like a million times already but I'm
> stuck and can't get around this.
> 
> I'm using a program destination in my syslog-ng config, like this:
> destination test_log { file("/var/log/testlog"); };
> destination sshd_alerts {
>         program("/usr/local/bin/ssh_alert_by_email.sh" template("$DATE $HOST $PROGRAM $MSGONLY"));
> };

Try including an end-of-line in your template, since otherwise your
script will wait for it.

template("$DATE $HOST $PROGRAM $MSGONLY\n")

Note the last "\n" in the template.

> 
> filter sshd { program("sshd"); };
> filter login_accepted { match("Accepted password|Accepted publickey"); };
> 
> 
> log {
>         source(s_all);
>         filter(sshd);
>         filter(login_accepted);
>         destination(sshd_alerts);
>         destination(test_log);
> };
> 
> and the script as follows:
> 
> #!/bin/bash
> while read line ; do
> echo $line >> /tmp/testlog
> done
> 
> That's it, it logs to the destination(test_log) but the script does nothing.
> 
> I followed a similar thread:
> https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html
> 
> and the script works well interactively in the shell. I think I hit a
> dead end here... btw version 2.0.9
> 
-- 
Bazsi
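
Why the trailing "\n" matters for a line-reading script, as an added example that is not part of the original thread: `read` only hands a record to the loop body once it sees a newline. The function name `log_records` and the sample records are constructed for illustration; the loop also quotes the untrusted log text so `*` and backslashes are written verbatim.

```shell
#!/bin/sh
# Added example, not code from the thread. log_records and the sample
# records below are constructed for illustration.

# Append each newline-terminated record read from stdin to the file in $1,
# then print how many records were written.
log_records() {
    out=$1
    count=0
    # IFS= and -r keep leading whitespace and backslashes intact; the
    # message text is attacker-influenced, so it is never expanded unquoted.
    while IFS= read -r line; do
        printf '%s\n' "$line" >> "$out"
        count=$((count + 1))
    done
    # A record with no trailing newline never reaches the loop body. Here
    # read fails at EOF; under syslog-ng the pipe stays open, so read would
    # keep waiting instead.
    printf '%s\n' "$count"
}

demo_out=$(mktemp)

# Record as produced by template("... $MSGONLY\n"): delivered immediately.
with_nl=$(printf '%s\n' 'Aug 13 00:26:01 host1 sshd Accepted password for alice' \
    | log_records "$demo_out")

# Record as produced by template("... $MSGONLY"): no newline, never written.
without_nl=$(printf '%s' 'Aug 13 00:26:02 host1 sshd Accepted publickey for bob' \
    | log_records "$demo_out")

echo "written with newline:    $with_nl"
echo "written without newline: $without_nl"
rm -f "$demo_out"
```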


