Re: Sending emails via syslog-ng in All Things Unix

Re: Sending emails via syslog-ng

Tue, 07 Jul 2009 05:31:21 EDT

reaky : Dear SirMeowmix_III
I tried the configuration like you sent as the following:

#=================================================================
# Remote logging
source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};

destination maillog { program("/syslog_fifos/host_fifo" flush_lines(1));
};
filter f_host {
match("172.31.250.68");
};

log {source(src); filter(f_host); destination(maillog); };
#==================================================================

But when I restart It gave me the following note :

WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;

Sending emails via syslog-ng

Mon, 06 Jul 2009 08:10:03 EDT

reaky : Dear SirMeowmix_III
I take some of your Idea and modified it, and use the following
=======================================================
source sme {file (/var/log/syslog-ng/servers/172.31.250.68/local7.log); };

destination maillog { program ("/usr/local/bin/syslog-mail-perl" );

log {source(sme); destination(maillog); };
=======================================================

And the perl script like the following:
+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'reaky@domain.com';
$FROM = $TO;

s/^//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL "EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);
+++++++++++++++++++++++++++++++++++++++
When It tried to send emails I found that I must restart syslog every time to send the mails to sendmail, In another word it buffer the emails tell I restart syslog-ng then It forwerd it to send mail and can see it in the mail log.
Do you have any idea for that ?
Thanks

Re: Sending emails via syslog-ng

Wed, 01 Jul 2009 08:16:23 EDT

anon : Snippet from syslog-ng.conf

The Perl code that does the FIFO read:

#!/usr/bin/perl -w##    This program is free software: you can redistribute it and/or modify#    it under the terms of the GNU General Public License as published by#    the Free Software Foundation, either version 3 of the License, or#    (at your option) any later version.##    This program is distributed in the hope that it will be useful,#    but WITHOUT ANY WARRANTY; without even the implied warranty of#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the#    GNU General Public License for more details.##    You should have received a copy of the GNU General Public License#    along with this program.  If not, see <http://www.gnu.org/licenses/>.## Watch FIFO and email data# SirMeowmixIII# Jul 01, 2009 use Mail::Mailer;use POSIX qw(setsid); &daemonize; #Loop forever.while(1){        &read_fifo();        sleep(15);} sub daemonize {    chdir '/'                 or die "Can't chdir to /: $!";    open STDIN, '/dev/null'   or die "Can't read /dev/null: $!";    open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";    open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";    defined(my $pid = fork)   or die "Can't fork: $!";    exit if $pid;    setsid                    or die "Can't start a new session: $!";    umask 0;} sub error_hander(){ #If an error, sleep for 15 seconds and try again instead of doing a 'die'.        print($_[0]);        sleep(15);        return;} sub do_alert(){        $from_address = 'sender@senderdomain.com';        $to_address = 'recipient@destination.com';        $subject = "Message Subject";        $body = $_[0] . "\n";         $mailer = Mail::Mailer->new();        $mailer->open({ From => $from_address,To => $to_address, Subject => $subject}) or die "Can't open: $!\n";        print $mailer $body;        $mailer->close();         print localtime(time()) . $_[0] . "\n";} sub read_fifo(){        #Grab the PIPE        open ISA_FIFO, "< /syslog_fifos/host_fifo" || &error_handler("Cannot open FIFO pipe");        while(<ISA_FIFO>){                &do_alert($_);        }        close(ISA_FIFO);        print "*** FIFO CLOSED ***\n";        return 0;}

Re: Sending emails via syslog-ng

Wed, 01 Jul 2009 07:54:16 EDT

reaky : thatnks for you replay
Coulde u pleas hare this filtration and code ?
Thanks

Re: Sending emails via syslog-ng

Tue, 30 Jun 2009 09:51:49 EDT

anon : I do this with a syslog-ng filter expression, a new destination as a FIFO, and some Perl script that reads the FIFO and uses Mail::Mailer to send an email.

I can share this code if you wish.

Sending emails via syslog-ng

Tue, 30 Jun 2009 07:32:13 EDT

reaky : Hi friends
I have syslog-ng installed in RHEL5 server, I make it as CEntral log for all servers in my network, Filtered by IP
Now What I want to do is make it send to me an email for a specific log for one of my server, In other word when any log sent from this IP (192.168.1.1 ) For example to send me email with this new log value to myemail@mydomain.com
The following is the part of configuration for my syslog-ng.conf that related with remote servers.
=============================================

source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };
===============================================

Thanks
Best Regards
Reaky