Solved

Must Restart syslog-ng to send email

Posted on 2009-07-07
2
674 Views
Last Modified: 2013-12-16
Dear friends
I'm using Syslog-ng v 3 installed in RHEL 5
           I have a small problem with my syslog-ng configuration, I'm trying to filter logs from a log file and forwerd it to perl script to send it by email,
This part of  configuration like the following:
=====================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
 };
log {source(sme); destination(maillog); };
=====================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'root';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++

I found that I must restart syslog every time to send the mails , In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks
0
Comment
Question by:tedatadcu
2 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 24813651
Hi.

According to syslog manuals http://www.l3jane.net/doc/server/syslog-ng/
"Note:
Syslog-ng 1.6 executed the program once at startup, and kept running until SIGHUP or exit. The reason is to prevent starting up a large number of programs for messages, which would imply an easy DoS. "

What does that mean for you? That means your approach is incorrect. Once your program has been executed, it closes input channel and never gets access to it again, until you restart syslog.
You can implement loop that reads stdin and sends each line by email or you should decide yourself where to stop to initiate email sending, but _never_ close stdin, exit your loop, or exit your program, otherwise you  loose your input.

Here is a working examole, please test




#!/usr/bin/perl
# thanks to Brian Dowling for an example with security in mind.
 
$TO = 'root';
$FROM = $TO;
 
while (<STDIN>){
open(MAIL, "| /usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
 
$_
EOT
close(MAIL);
};

Open in new window

0
 

Author Closing Comment

by:tedatadcu
ID: 32885524
not yet
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question