[syslog-ng] unable to setup syslog-ng for log monitoring
Supratik Goswami
supratiksekhar at gmail.com
Tue Nov 30 09:10:50 CET 2010
Hi,
I am using syslog-ng 3.0 and I am trying to monitor log files. If the
word "attackalert" is found in the log file, syslog-ng should invoke a script.
I created "/root/workspace/test", a bash script with only a simple echo
statement, to check whether it is working correctly. The problem is that
whenever I start syslog-ng, the script starts executing even if the word
"attackalert" is not recorded. The following is my syslog-ng.conf
configuration. Is there anything I am missing here? Please advise.
options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_file { file("/root/workspace/app_desktop/sup.log.php"); };

destination d_prog { program("/root/workspace/test"); };

filter f_attack_alert {
    match("attackalert" value("MESSAGE"));
};

log {
    source(s_file);
    filter(f_attack_alert);
    destination(d_prog);
};
--
Warm Regards
Supratik
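
An added example, not part of the original post: syslog-ng's program() destination starts the program when syslog-ng itself starts and then writes each message that passes the filter to the program's standard input, so a handler has to loop over stdin instead of acting when it is launched. The script below assumes that behaviour; the "--stdin" argument, the ALERT_LOG path and the sample messages are constructed for illustration.

```bash
#!/bin/bash
# Added example: handler for a syslog-ng program() destination.
# Assumption: syslog-ng starts this script once and writes one message per
# line to its stdin, so the script loops instead of acting at startup.

ALERT_LOG="${ALERT_LOG:-/tmp/attackalert-handler.log}"   # hypothetical path
PATTERN="attackalert"

# Return 0 if the line contains the pattern (fixed string, no regex, no eval).
is_alert() {
    case "$1" in
        *"$PATTERN"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Read messages from stdin until EOF; record each alert, then print the count.
handle_stream() {
    count=0
    while IFS= read -r line; do
        # Log content is untrusted: it is only ever passed as data to printf.
        if is_alert "$line"; then
            printf '%s ALERT %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$line" >> "$ALERT_LOG"
            count=$((count + 1))
        fi
    done
    printf '%s\n' "$count"
}

# Constructed sample input for an offline check of the handler.
sample_messages() {
    printf '%s\n' \
        'Nov 30 09:00:01 host app: user login ok' \
        'Nov 30 09:00:02 host app: attackalert: portscan from 192.0.2.10' \
        'Nov 30 09:00:03 host app: $(touch /tmp/handler-poc) attackalert `id`' \
        'Nov 30 09:00:04 host app: cache refreshed'
}

# Run the loop only when asked to, e.g. program("/root/workspace/test --stdin").
if [ "${1:-}" = "--stdin" ]; then
    handle_stream > /dev/null
fi
```

Running "sample_messages | handle_stream" from a shell that has sourced the functions prints 2 and appends two lines to ALERT_LOG, with the shell metacharacters in the third message stored literally.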