Solved

Must Restart syslog-ng to send email

Posted on 2009-07-07
2
685 Views
Last Modified: 2013-12-16
Dear friends
I'm using Syslog-ng v 3 installed in RHEL 5
           I have a small problem with my syslog-ng configuration, I'm trying to filter logs from a log file and forwerd it to perl script to send it by email,
This part of  configuration like the following:
=====================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
 };
log {source(sme); destination(maillog); };
=====================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'root';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++

I found that I must restart syslog every time to send the mails , In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks
0
Comment
Question by:tedatadcu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 24813651
Hi.

According to syslog manuals http://www.l3jane.net/doc/server/syslog-ng/
"Note:
Syslog-ng 1.6 executed the program once at startup, and kept running until SIGHUP or exit. The reason is to prevent starting up a large number of programs for messages, which would imply an easy DoS. "

What does that mean for you? That means your approach is incorrect. Once your program has been executed, it closes input channel and never gets access to it again, until you restart syslog.
You can implement loop that reads stdin and sends each line by email or you should decide yourself where to stop to initiate email sending, but _never_ close stdin, exit your loop, or exit your program, otherwise you  loose your input.

Here is a working examole, please test




#!/usr/bin/perl
# thanks to Brian Dowling for an example with security in mind.
 
$TO = 'root';
$FROM = $TO;
 
while (<STDIN>){
open(MAIL, "| /usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
 
$_
EOT
close(MAIL);
};

Open in new window

0
 

Author Closing Comment

by:tedatadcu
ID: 32885524
not yet
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question