[syslog-ng] R: Destination program input

[Scappatura Rocco]

Hello.

Thanks for the answer Sandor Geller.
Could you please show me a template program() destination that works following the logic you explained in your answer?

Regards,

Rocco

> -----Messaggio originale-----
> Da: Scappatura Rocco
> Inviato: venerdì 20 aprile 2018 18:40
> A: 'syslog-ng at lists.balabit.hu' <syslog-ng at lists.balabit.hu>
> Oggetto: Destination program input
> 
> Hello.
> 
> I have written a C program that read the successful POP3 access log lines to
> my POP3 server. After get one line, it get the time and the POP3 account that
> logged in. These data are then stored in the account MySQL database.
> 
> The program (named 'pop3_access') works fine:
> 
> echo "Apr 10 12:00:17 mail1 pop3d: LOGIN, user= xxx at domain.tld,
> ip=[::ffff:xxx.yyy.zzz.vvv], port=[56196]"|./pop3_access
> 
> Infact quering DB, I get:
> 
> username		pop3_last_access
> xxx at domain.tld	2018-04-10 12:00:17
> 
> I have configured syslog:
> 
> filter f_pop3_access    { facility(local7) and match ('LOGIN,'); };
> destination d_pop3_last_access { program("/usr/local/bin/pop3_access
> >/dev/null" ); }; log { source(src); filter(f_pop3_access);
> destination(d_pop3_last_access); };
> 
> But no rows are inserted in the database..
> 
> From log of destination program 'pop3_access'  I see the it remains in a while
> loop waiting for an 'EOF' that never arrives:
> 
>    while (fgets(line, MAXSTR, stdin)) {
>         if (sscanf(line, "%s %d %s %s %s %s %s %s %s", mese, &giorno, ora, s,
> proto, comando, u, ip, porta) != 9){
>                 syslog (LOG_NOTICE, "Errore scanf");
>                 exit(-1);
>         }
>    }
> 
> How I have to do so that my program succeed in taking the syslog row
> correctly, and then returns after process the data as expected?
> 
> Regards,
> 
> Rocco Scappatura