[syslog-ng] Destination program input

Sandor Geller sandor.geller at ericsson.com
Sat Apr 21 07:03:18 UTC 2018 

Hello,

A long time ago the program() destination worked as you expect, one 
program execution per log line. However this is very inefficient so it 
was changed to execute the program once and syslog-ng feeds its stdin - 
so you've got to implement a loop in your app which handles incoming 
messages one by one until syslog-ng exits and your app will get an EOF.

Regards,
Sandor

On 04/20/2018 06:39 PM, Scappatura Rocco wrote:
> Hello.
>
> I have written a C program that read the successful POP3 access log lines to my POP3 server. After get one line, it get the time and the POP3 account that logged in. These data are then stored in the account MySQL database.
>
> The program (named 'pop3_access') works fine:
>
> echo "Apr 10 12:00:17 mail1 pop3d: LOGIN, user= xxx at domain.tld, ip=[::ffff:xxx.yyy.zzz.vvv], port=[56196]"|./pop3_access
>
> Infact quering DB, I get:
>
> username		pop3_last_access
> xxx at domain.tld	2018-04-10 12:00:17
>
> I have configured syslog:
>
> filter f_pop3_access    { facility(local7) and match ('LOGIN,'); };
> destination d_pop3_last_access { program("/usr/local/bin/pop3_access >/dev/null" ); };
> log { source(src); filter(f_pop3_access); destination(d_pop3_last_access); };
>
> But no rows are inserted in the database..
>
>  From log of destination program 'pop3_access'  I see the it remains in a while loop waiting for an 'EOF' that never arrives:
>
>     while (fgets(line, MAXSTR, stdin)) {
>          if (sscanf(line, "%s %d %s %s %s %s %s %s %s", mese, &giorno, ora, s, proto, comando, u, ip, porta) != 9){
>                  syslog (LOG_NOTICE, "Errore scanf");
>                  exit(-1);
>          }
>     }
>
> How I have to do so that my program succeed in taking the syslog row correctly, and then returns after process the data as expected?
>
> Regards,
>
> Rocco Scappatura
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

More information about the syslog-ng mailing list