Sending emails via syslog-ng

Author	All Replies
reaky join:2004-01-18 Killeen, TX	Sending emails via syslog-ng Hi friends I have syslog-ng installed in RHEL5 server, I make it as CEntral log for all servers in my network, Filtered by IP Now What I want to do is make it send to me an email for a specific log for one of my server, In other word when any log sent from this IP (192.168.1.1 ) For example to send me email with this new log value to myemail@mydomain.com The following is the part of configuration for my syslog-ng.conf that related with remote servers. ============================================= source s_remote { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); }; destination d_separatedbyhosts { file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); }; log { source(s_remote); destination(d_separatedbyhosts); }; =============================================== Thanks Best Regards Reaky
	to forum · permalink · · 2009-06-30 07:32:13 ·
SirMeowmix_III @windstream.net	I do this with a syslog-ng filter expression, a new destination as a FIFO, and some Perl script that reads the FIFO and uses Mail::Mailer to send an email. I can share this code if you wish.
	to forum · permalink · 2009-06-30 09:51:49 ·
reaky join:2004-01-18 Killeen, TX	reply to reaky thatnks for you replay Coulde u pleas hare this filtration and code ? Thanks
	to forum · permalink · · 2009-07-01 07:54:16 ·
SirMeowmix_III	reply to reaky Snippet from syslog-ng.conf options { #Jan 11, 2007 #Do not use DNS, too much info being sent to perform rDNS/DNS lookups! use_fqdn(no); use_dns(no); #Misc keep_hostname(yes); long_hostnames(off); chain_hostnames(no); check_hostname(no); log_msg_size(4096); stats(60); flush_lines(1000); flush_timeout(30); }; source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); udp(); tcp(port(514) keep-alive(yes)); }; destination host_fifo { file("/syslog_fifos/host_fifo" sync(1)); }; filter f_host { match("192.168.1.1"); }; log { source(src); filter(f_host); destination(host_fifo); }; The Perl code that does the FIFO read: #!/usr/bin/perl -w # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # # Watch FIFO and email data # SirMeowmixIII # Jul 01, 2009 use Mail::Mailer; use POSIX qw(setsid); &daemonize; #Loop forever. while(1){ &read_fifo(); sleep(15); } sub daemonize { chdir '/' or die "Can't chdir to /: $!"; open STDIN, '/dev/null' or die "Can't read /dev/null: $!"; open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!"; open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!"; defined(my $pid = fork) or die "Can't fork: $!"; exit if $pid; setsid or die "Can't start a new session: $!"; umask 0; } sub error_hander(){ #If an error, sleep for 15 seconds and try again instead of doing a 'die'. print($_[0]); sleep(15); return; } sub do_alert(){ $from_address = 'sender@senderdomain.com'; $to_address = 'recipient@destination.com'; $subject = "Message Subject"; $body = $_[0] . "\n"; $mailer = Mail::Mailer->new(); $mailer->open({ From => $from_address,To => $to_address, Subject => $subject}) or die "Can't open: $!\n"; print $mailer $body; $mailer->close(); print localtime(time()) . $_[0] . "\n"; } sub read_fifo(){ #Grab the PIPE open ISA_FIFO, "< /syslog_fifos/host_fifo" \|\| &error_handler("Cannot open FIFO pipe"); while(<ISA_FIFO>){ &do_alert($_); } close(ISA_FIFO); print "* FIFO CLOSED *\n"; return 0; }
	to forum · permalink · 2009-07-01 08:16:23 ·
reaky join:2004-01-18 Killeen, TX 3 edits	reply to reaky Dear SirMeowmix_III I take some of your Idea and modified it, and use the following ======================================================= source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); }; destination maillog { program ("/usr/local/bin/syslog-mail-perl" ); log {source(sme); destination(maillog); }; ======================================================= And the perl script like the following: +++++++++++++++++++++++++++++++++++= #!/usr/bin/perl -n # thanks to Brian Dowling for an example with security in mind. $TO = 'reaky@domain.com'; $FROM = $TO; s/^//; open(MAIL, "\|/usr/sbin/sendmail -t"); print MAIL "EOT"; To: $TO From: $FROM Subject: SME Log Alert: $_ $_ EOT close(MAIL); +++++++++++++++++++++++++++++++++++++++ When It tried to send emails I found that I must restart syslog every time to send the mails to sendmail, In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log. Do you have any idea for that ? Thanks
	to forum · permalink · · 2009-07-06 08:10:03 ·
reaky join:2004-01-18 Killeen, TX	reply to reaky Dear SirMeowmix_III I tried the configuration like you sent as the following: #================================================================= # Remote logging source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); }; destination maillog { program("/syslog_fifos/host_fifo" flush_lines(1)); }; filter f_host { match("172.31.250.68"); }; log {source(src); filter(f_host); destination(maillog); }; #================================================================== But when I restart It gave me the following note : WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;
	to forum · permalink · · 2009-07-07 05:31:21 ·


Monday, 09-Nov 00:17:34	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF