[syslog-ng] Must Restart syslog-ng to send email

Tue Jul 7 15:00:32 CEST 2009

There are many problems with this example.

1. A syslog-ng "program" script is not allowed to process one message and exit. It must run in a loop, reading individual messages from its stdin and handling each one separately e.g. sending each as a separate email. Check the archives of this list, you will see that discussed many times.

2. The source you have defined will read the existing contents of that file when syslog-ng is started and send them to the script. That's all it will do. Run your restart test again - I expect that it sends you the exact same email every time, the first line of that log file.

Joe.

________________________________
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Reaky Rok
Sent: 07 July 2009 13:36
To: syslog-ng at lists.balabit.hu
Subject: Re: [syslog-ng] Must Restart syslog-ng to send email

Dear friends
Is there any update please, The Idea that I want to filter the logs that comes from the server 172.31.250.68 to send it by email,  that's the purpose of this configuration I did.
(note) the path " /var/log/syslog-ng/servers/172.31.250.68/local7.log" is the path of the log file for this server in the my syslog-ng machine, I tried to add more options to the destination line like the following:
 destination maillog { program("/usr/local/bin/syslog-mail-perl" flush_lines(1) flush_timeout(30));
 };
But the problem still exist
Please if anyone have a solution for this Or any other solution or guide lines please tell me.

Thanks

________________________________
From: reakyrok at hotmail.com
To: syslog-ng at lists.balabit.hu
Date: Mon, 6 Jul 2009 16:44:37 +0300
Subject: Re: [syslog-ng] Must Restart syslog-ng to send email

Sorry there's Small mistake that In both internal send or out send I must restart syslog-ng first

________________________________
From: reakyrok at hotmail.com
To: syslog-ng at lists.balabit.hu
Date: Mon, 6 Jul 2009 15:50:00 +0300
Subject: [syslog-ng] Must Restart syslog-ng to send email

Dear friends
           I have a small problem with my syslog-ng server, I use a configuration to filter mail from log file and forwerd it to perl script to send it, the configuration like the following:
=====================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
 };
log {source(sme); destination(maillog); };
=====================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'reaky at domain.com';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++

It worked very fine when I send to root user in the machine, But when I tried to send to outside I found that I must restart syslog every time to send the mails to sendmail, In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks

________________________________
Windows Live(tm): Keep your life in sync. Check it out!<http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009>
________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! Try it!<http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us>
________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! Try it!<http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090707/f3ae6bcc/attachment.htm 