[syslog-ng] Can't get program destination to work

Chuck chuck.carson at gmail.com
Fri Nov 5 17:28:17 CET 2010 

Oops pasted the wrong output.. My current syslog-ng.conf contains this:
destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"
template(t_smtp) ); };

On Fri, Nov 5, 2010 at 9:26 AM, Chuck <chuck.carson at gmail.com> wrote:

>
> I have some syntax working now but can't get a reliable means of sending
> smtp notifications.. Just curious how other people are doing it. Here is my
> current setup:
>
> template    t_smtp     { template("$HOST <$PRI>$DATE $HOST $MSG\n");
> template_escape(no); };
> destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh");
> };
> log { source (s_udp);           filter (f_kern); filter (f_crit);
> destination (r_smtp); };
> log { source (s_udp);           filter (f_user); filter (f_crit);
> destination (r_smtp); };
> log { source (s_udp);           filter (f_daemon); filter (f_crit);
> destination (r_smtp); };
>
> The above catches the messages and executes my script.
>
> Here is my script:
> #!/bin/sh
> RECPT="me at example.com"
>
> tstamp=`localtime`
> log="/var/adm/syslog-ng-mailer.log"
> tmp="/tmp/syslog-ng-mailer.$$"
>
> while read line; do
>         echo $line >> $tmp
> done
>
> /usr/local/bin/cat $tmp | /bin/mailx -s "SyslogAlet" $RECPT
>
> /bin/rm $tmp
>
> exit 0;
>
> The script is getting executed but with the following issues:
>
> 1) When I execute the following 3 commands on a remote host that logs to my
> syslog-ng server, it appears to only execute my script once:
>
> # logger -p user.crit "TESTING 1"
> # logger -p user.crit "TESTING 2"
> # logger -p user.crit "TESTING 3"
>
> So I wind up with a single tmp file instead of 3 as I would expect:
> root at syslog:/tmp# cat syslog-ng-mailer.4053
> Nov 5 08:58:07 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 1
> Nov 5 08:58:08 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 2
> Nov 5 08:58:10 pwydbsolp05 carsoc: [ID 702911 user.crit] TESTING 3
>
> Here I see the processes associated with my script:
> root at syslog:/tmp# ps -ef | grep syslog-ng-mailer
>     root  4052  4048   0 08:17:19 ?           0:00 /bin/sh -c
> /usr/local/sbin/syslog-ng-mailer.sh
>     root  4053  4052   0 08:17:19 ?           0:00 /bin/sh
> /usr/local/sbin/syslog-ng-mailer.sh
>
> These processes just seem to hand.. Every once in a a message will actually
> get delivered but its blank with the exception of the subject.
>
> I've tried several different scripts, some that try and parse the command
> line arguments individually, some that just read STDIN until EOF, and
> etc....
>
> I can't get anything reliable working.
>
> Any ideas?
>
>
>
> On Fri, Nov 5, 2010 at 7:08 AM, Sandor Geller <
> Sandor.Geller at morganstanley.com> wrote:
>
>> there is an extra semicolon... remove the one after template()
>>
>> On Fri, Nov 5, 2010 at 3:04 PM, Chuck <chuck.carson at gmail.com> wrote:
>> >
>> > It doesn't like this synxtax either:
>> >
>> > destination r_smtp     { program ("/usr/local/sbin/syslog-ng-mailer.sh"
>> > template("$HOST <$PRI>$DATE $HOST $MSG\n"); ); };
>> >
>> > I can't get any syntax as all working that uses the template() option.
>> >
>> > -Chuck
>> >
>> > On Fri, Nov 5, 2010 at 6:57 AM, Sandor Geller
>> > <Sandor.Geller at morganstanley.com> wrote:
>> >>
>> >> Hi,
>> >>
>> >> On Fri, Nov 5, 2010 at 2:46 PM, Chuck <chuck.carson at gmail.com> wrote:
>> >> >
>> >> > I am running 3.0.4 on a solaris 10 host. I am trying to send critical
>> >> > and
>> >> > emergency events via smtp. I have the following syntax:
>> >> >
>> >> > destination r_smtp     { program
>> ("/usr/local/sbin/syslog-ng-mailer.sh
>> >> > $HOST" template("<$PRI>$DATE $HOST $MSG\n.\n"); ); };
>> >>
>> >> Maybe you misunderstood the example.
>> >>
>> >> program ("/usr/local/sbin/syslog-ng-mailer.sh $HOST"
>> >>
>> >> is bad, the whole string including the space and $HOST is treated as
>> >> the program name... Instead of that use
>> >>
>> >> program ("/usr/local/sbin/syslog-ng-mailer.sh" template(...
>> >>
>> >> hth,
>> >>
>> >> Sandor
>> >
>> >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101105/848e0888/attachment.htm

More information about the syslog-ng mailing list