[syslog-ng] Can't get program destination to work

Chuck chuck.carson at gmail.com
Fri Nov 5 17:26:40 CET 2010 

I have some syntax working now but can't get a reliable means of sending
smtp notifications.. Just curious how other people are doing it. Here is my
current setup:

template    t_smtp     { template("$HOST <$PRI>$DATE $HOST $MSG\n");
template_escape(no); };
destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"); };
log { source (s_udp);           filter (f_kern); filter (f_crit);
destination (r_smtp); };
log { source (s_udp);           filter (f_user); filter (f_crit);
destination (r_smtp); };
log { source (s_udp);           filter (f_daemon); filter (f_crit);
destination (r_smtp); };

The above catches the messages and executes my script.

Here is my script:
#!/bin/sh
RECPT="me at example.com"

tstamp=`localtime`
log="/var/adm/syslog-ng-mailer.log"
tmp="/tmp/syslog-ng-mailer.$$"

while read line; do
        echo $line >> $tmp
done

/usr/local/bin/cat $tmp | /bin/mailx -s "SyslogAlet" $RECPT

/bin/rm $tmp

exit 0;

The script is getting executed but with the following issues:

1) When I execute the following 3 commands on a remote host that logs to my
syslog-ng server, it appears to only execute my script once:

# logger -p user.crit "TESTING 1"
# logger -p user.crit "TESTING 2"
# logger -p user.crit "TESTING 3"

So I wind up with a single tmp file instead of 3 as I would expect:
root at syslog:/tmp# cat syslog-ng-mailer.4053
Nov 5 08:58:07 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 1
Nov 5 08:58:08 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 2
Nov 5 08:58:10 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 3

Here I see the processes associated with my script:
root at syslog:/tmp# ps -ef | grep syslog-ng-mailer
    root  4052  4048   0 08:17:19 ?           0:00 /bin/sh -c
/usr/local/sbin/syslog-ng-mailer.sh
    root  4053  4052   0 08:17:19 ?           0:00 /bin/sh
/usr/local/sbin/syslog-ng-mailer.sh

These processes just seem to hand.. Every once in a a message will actually
get delivered but its blank with the exception of the subject.

I've tried several different scripts, some that try and parse the command
line arguments individually, some that just read STDIN until EOF, and
etc....

I can't get anything reliable working.

Any ideas?


On Fri, Nov 5, 2010 at 7:08 AM, Sandor Geller <
Sandor.Geller at morganstanley.com> wrote:

> there is an extra semicolon... remove the one after template()
>
> On Fri, Nov 5, 2010 at 3:04 PM, Chuck <chuck.carson at gmail.com> wrote:
> >
> > It doesn't like this synxtax either:
> >
> > destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"
> > template("$HOST <$PRI>$DATE $HOST $MSG\n"); ); };
> >
> > I can't get any syntax as all working that uses the template() option.
> >
> > -Chuck
> >
> > On Fri, Nov 5, 2010 at 6:57 AM, Sandor Geller
> > <Sandor.Geller at morganstanley.com> wrote:
> >>
> >> Hi,
> >>
> >> On Fri, Nov 5, 2010 at 2:46 PM, Chuck <chuck.carson at gmail.com> wrote:
> >> >
> >> > I am running 3.0.4 on a solaris 10 host. I am trying to send critical
> >> > and
> >> > emergency events via smtp. I have the following syntax:
> >> >
> >> > destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh
> >> > $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };
> >>
> >> Maybe you misunderstood the example.
> >>
> >> program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"
> >>
> >> is bad, the whole string including the space and $HOST is treated as
> >> the program name... Instead of that use
> >>
> >> program ("/usr/local/sbin/syslog-ng-mailer.sh" template(...
> >>
> >> hth,
> >>
> >> Sandor
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101105/85892136/attachment-0001.htm

More information about the syslog-ng mailing list