[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Must Restart syslog-ng to send email

Posted on 2009-07-07
2
Medium Priority
?
705 Views
Last Modified: 2013-12-16
Dear friends
I'm using Syslog-ng v 3 installed in RHEL 5
           I have a small problem with my syslog-ng configuration, I'm trying to filter logs from a log file and forwerd it to perl script to send it by email,
This part of  configuration like the following:
=====================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
 };
log {source(sme); destination(maillog); };
=====================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'root';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++

I found that I must restart syslog every time to send the mails , In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks
0
Comment
Question by:tedatadcu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 1500 total points
ID: 24813651
Hi.

According to syslog manuals http://www.l3jane.net/doc/server/syslog-ng/
"Note:
Syslog-ng 1.6 executed the program once at startup, and kept running until SIGHUP or exit. The reason is to prevent starting up a large number of programs for messages, which would imply an easy DoS. "

What does that mean for you? That means your approach is incorrect. Once your program has been executed, it closes input channel and never gets access to it again, until you restart syslog.
You can implement loop that reads stdin and sends each line by email or you should decide yourself where to stop to initiate email sending, but _never_ close stdin, exit your loop, or exit your program, otherwise you  loose your input.

Here is a working examole, please test




#!/usr/bin/perl
# thanks to Brian Dowling for an example with security in mind.
 
$TO = 'root';
$FROM = $TO;
 
while (<STDIN>){
open(MAIL, "| /usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
 
$_
EOT
close(MAIL);
};

Open in new window

0
 

Author Closing Comment

by:tedatadcu
ID: 32885524
not yet
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question