[syslog-ng] Destination program input
Scappatura Rocco
Rocco.Scappatura at infracom.it
Fri Apr 20 16:39:48 UTC 2018
Hello.
I have written a C program that read the successful POP3 access log lines to my POP3 server. After get one line, it get the time and the POP3 account that logged in. These data are then stored in the account MySQL database.
The program (named 'pop3_access') works fine:
echo "Apr 10 12:00:17 mail1 pop3d: LOGIN, user= xxx at domain.tld, ip=[::ffff:xxx.yyy.zzz.vvv], port=[56196]"|./pop3_access
Infact quering DB, I get:
username pop3_last_access
xxx at domain.tld 2018-04-10 12:00:17
I have configured syslog:
filter f_pop3_access { facility(local7) and match ('LOGIN,'); };
destination d_pop3_last_access { program("/usr/local/bin/pop3_access >/dev/null" ); };
log { source(src); filter(f_pop3_access); destination(d_pop3_last_access); };
But no rows are inserted in the database..
>From log of destination program 'pop3_access' I see the it remains in a while loop waiting for an 'EOF' that never arrives:
while (fgets(line, MAXSTR, stdin)) {
if (sscanf(line, "%s %d %s %s %s %s %s %s %s", mese, &giorno, ora, s, proto, comando, u, ip, porta) != 9){
syslog (LOG_NOTICE, "Errore scanf");
exit(-1);
}
}
How I have to do so that my program succeed in taking the syslog row correctly, and then returns after process the data as expected?
Regards,
Rocco Scappatura
More information about the syslog-ng
mailing list