reaky
join:2004-01-18
Killeen, TX
| Sending emails via syslog-ng
Hi friends
I have syslog-ng installed in RHEL5 server, I make it as CEntral log for all servers in my network, Filtered by IP
Now What I want to do is make it send to me an email for a specific log for one of my server, In other word when any log sent from this IP (192.168.1.1 ) For example to send me email with this new log value to myemail@mydomain.com
The following is the part of configuration for my syslog-ng.conf that related with remote servers.
=============================================
source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };
===============================================
Thanks
Best Regards
Reaky |
|
SirMeowmix_III
@windstream.net | I do this with a syslog-ng filter expression, a new destination as a FIFO, and some Perl script that reads the FIFO and uses Mail::Mailer to send an email.
I can share this code if you wish. |
|
reaky
join:2004-01-18
Killeen, TX | reply to reaky
thatnks for you replay
Coulde u pleas hare this filtration and code ?
Thanks |
|
SirMeowmix_III
| reply to reaky
Snippet from syslog-ng.conf
The Perl code that does the FIFO read:
|
|
reaky
join:2004-01-18
Killeen, TX
3 edits | reply to reaky
Dear SirMeowmix_III
I take some of your Idea and modified it, and use the following
=======================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };
destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
log {source(sme); destination(maillog); };
=======================================================
And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
$TO = 'reaky@domain.com';
$FROM = $TO;
s/^//;
open(MAIL, "|/usr/sbin/sendmail -t");
print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
$_
EOT
close(MAIL);
+++++++++++++++++++++++++++++++++++++++
When It tried to send emails I found that I must restart syslog every time to send the mails to sendmail, In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks |
|
reaky
join:2004-01-18
Killeen, TX
| reply to reaky
Dear SirMeowmix_III
I tried the configuration like you sent as the following:
#=================================================================
# Remote logging
source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};
destination maillog { program("/syslog_fifos/host_fifo" flush_lines(1));
};
filter f_host {
match("172.31.250.68");
};
log {source(src); filter(f_host); destination(maillog); };
#==================================================================
But when I restart It gave me the following note :
WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration; |
|
