[syslog-ng] program destination problem (again...)
Balazs Scheidler
bazsi at balabit.hu
Tue Aug 18 19:56:06 CEST 2009
On Thu, 2009-08-13 at 00:26 -0600, Alberto Sierra wrote:
> hi there,
>
> i know this is been discussed like a million times already but i'm
> stuck and can't get around this.
>
> i'm using a program destination in my syslog-ng config, like this:
> destination test_log { file("/var/log/testlog"); };
> destination sshd_alerts {
> program("/usr/local/bin/ssh_alert_by_email.sh" template("$DATE $HOST
> $PROGRAM $MSGONLY")); };
try including an end-of-line in your template, since otherwise your
script will wait for it.
template("$DATE $HOST $PROGRAM $MSGONLY\n")
note the last "\n" in the template.
>
> filter sshd { program("sshd"); };
> filter login_accepted { match("Accepted password|Accepted publickey"); };
>
>
> log {
> source(s_all);
> filter(sshd);
> filter(login_accepted);
> destination(sshd_alerts);
> destination(test_log);
> };
>
> and the script as follows:
>
> #!/bin/bash
> while read line ; do
> echo $line >> /tmp/testlog
> done
>
> that's it, it logs to the destination(test_log) but the script does nothing.
>
> i followed a similar thread:
> https://lists.balabit.hu/pipermail/syslog-ng/2008-March/011512.html
>
> and the script works well interactively in the shell. I think i hit a
> dead end here... btw version 2.0.9
>
--
Bazsi
More information about the syslog-ng
mailing list