[syslog-ng] Launching command with a certain value after extracting it from patterndb
Balazs Scheidler
bazsi77 at gmail.com
Wed Nov 5 16:06:19 CET 2014
You really want a command executed or just want to echo the value of the
fields extracted into a file?
I really wouldn't recommend trying to run a command that can be triggered
for every incoming message, it can easily lead to a DoS, simply by flooding
the syslog server with a lot of logs.
Hmm... db-parser() is able to rate-limit actions though, the only needed
thing is a command execution. Too bad it's too easy to inject badly
formatted values into the command line, which is a security issue.
In your example: cat $user, what if $user contains the string "'; rm
-rf /"? it would get executed in an innocent looking configuration.
On Wed, Nov 5, 2014 at 2:47 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
> Hi all,
>
> Is it possible to trigger a command after extracting a field using
> patterndb? For example I have the following log:
>
> Nov 4 15:18:10 myserver01 info ftps[876]: Rule Allow <ALLOW>: - MAP
> user:mytest IP:1.1.1.1
>
>
> With patterndb, I can extract field user with for example, a value of
> $user. Can I trigger a command like "cat $user >> /tmp/users.log"
> without calling a script??
>
> Thanks.
>
--
Bazsi
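An added illustration of the point above, not code from the thread or from syslog-ng: a regex stands in for the patterndb rule (patterndb itself is XML and not shown here), the extracted value is checked against an allowlist so that a field like "'; rm -rf /" is rejected instead of reaching a command line, and the append to /tmp/users.log is done directly from the program rather than via a shell. The sample log line is the one quoted in the thread; the function and pattern names are assumptions.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed sample, copied from the log line quoted in the thread.
SAMPLE = ("Nov 4 15:18:10 myserver01 info ftps[876]: Rule Allow <ALLOW>: "
          "- MAP user:mytest IP:1.1.1.1")

# Stand-in for the patterndb rule: captures the value following "user:".
USER_RE = re.compile(r"\bMAP user:(\S+) IP:")

# Characters a username may legitimately contain. Anything else (quotes,
# ';', '|', '$', whitespace) is rejected rather than passed on, so a crafted
# field can never be interpreted by a shell downstream.
SAFE_USER = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def extract_user(line: str) -> Optional[str]:
    """Return the user field from a log line, or None if the line does not match."""
    m = USER_RE.search(line)
    return m.group(1) if m else None


def is_safe_user(value: str) -> bool:
    """True only if the value consists solely of allowlisted characters."""
    return SAFE_USER.fullmatch(value) is not None


def user_record(line: str) -> Optional[str]:
    """The line to append to the users log, or None if the field is missing or unsafe."""
    user = extract_user(line)
    if user is None or not is_safe_user(user):
        return None
    return user + "\n"


def record_user(line: str, logfile: Path) -> bool:
    """Append the validated user to logfile without invoking a shell.
    Returns True if something was written, False if the line was dropped."""
    record = user_record(line)
    if record is None:
        return False
    with logfile.open("a", encoding="utf-8") as fh:
        fh.write(record)
    return True
```

If a real command is unavoidable, pass the validated value as its own argv element to subprocess.run without shell=True, so the value is never parsed as shell syntax.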