Must Restart syslog-ng to send email

Dear friends
I'm using Syslog-ng v 3 installed in RHEL 5
           I have a small problem with my syslog-ng configuration, I'm trying to filter logs from a log file and forwerd it to perl script to send it by email,
This part of  configuration like the following:
=====================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );
 };
log {source(sme); destination(maillog); };
=====================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'root';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++

I found that I must restart syslog every time to send the mails , In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks
tedatadcuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Artysystem administratorCommented:
Hi.

According to syslog manuals http://www.l3jane.net/doc/server/syslog-ng/
"Note:
Syslog-ng 1.6 executed the program once at startup, and kept running until SIGHUP or exit. The reason is to prevent starting up a large number of programs for messages, which would imply an easy DoS. "

What does that mean for you? That means your approach is incorrect. Once your program has been executed, it closes input channel and never gets access to it again, until you restart syslog.
You can implement loop that reads stdin and sends each line by email or you should decide yourself where to stop to initiate email sending, but _never_ close stdin, exit your loop, or exit your program, otherwise you  loose your input.

Here is a working examole, please test




#!/usr/bin/perl
# thanks to Brian Dowling for an example with security in mind.
 
$TO = 'root';
$FROM = $TO;
 
while (<STDIN>){
open(MAIL, "| /usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
 
$_
EOT
close(MAIL);
};

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tedatadcuAuthor Commented:
not yet
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.