Sending email via syslog-ng | Unix Linux Forums | UNIX and Linux Applications

#1 | reaky | 06-30-2009

Hi friends,
I have syslog-ng installed on a RHEL5 server. I made it the central log for all servers in my network, filtered by IP.
Now what I want to do is make it send me an email for a specific log from one of my servers. In other words, when any log is sent from this IP (192.168.1.1, for example), send me an email with this new log value to myemail@mydomain.com.
The following is the part of my syslog-ng.conf that relates to remote servers.
=============================================

source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };
===============================================

Thanks
Best Regards
Reaky

#2 | balabit | 06-30-2009
You could try to use the program(destination) and write a script that takes the log message from the standard input and mails it to you.

#3 | reaky | 07-06-2009
OK, what if I want to send just the logs by level of severity, for example from severity 4 --> 0? The following is the full conf file:
========================================
# configuration file for syslog-ng, customized for remote logging

source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };

# Remote logging
source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };

options {

# Number of syslog lines stored in memory before being written to files
flush_lines (0);

# Syslog-ng uses queues
log_fifo_size (1000);

# Create log directories as needed
create_dirs (yes);

# Make the group "logs" own the log files and directories
group (logs);
dir_group (logs);

# Set the file and directory permissions
perm (0640);
dir_perm (0750);

# Check client hostnames for valid DNS characters
check_hostname (yes);

# Specify whether to trust hostname in the log message.
# If "yes", then it is left unchanged, if "no" the server replaces
# it with client's DNS lookup value.
keep_hostname (yes);

# Use DNS fully qualified domain names (FQDN)
# for the names of log file folders
use_fqdn (yes);
use_dns (yes);

# Cache DNS entries for up to 1000 hosts for 12 hours
dns_cache (yes);
dns_cache_size (1000);
};

# Define all the sources of localhost generated syslog
# messages and label it "d_localhost"
source s_localhost {
pipe ("/proc/kmsg" program_override("kernel: "));
unix-stream ("/dev/log");
internal();
};

# Define the destination "d_localhost" log directory
destination d_localhost {
file ("/var/log/syslog-ng/localhost/$FACILITY.log");
};

# Define all the sources of network generated syslog
# messages and label it "d_network"
source s_network {
tcp(max-connections(5000));
udp();
};

# Define the destination "d_network" log directory
destination d_network {
file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
};

# Any logs that match the "s_localhost" source should be logged
# in the "d_localhost" directory

log { source(s_localhost);
destination(d_localhost);
};
==================================================

---------- Post updated 07-06-09 at 02:55 AM ---------- Previous update was 07-05-09 at 07:18 AM ----------

It worked successfully now with the following:

=============
source sme { file("/var/log/syslog-ng/servers/Central.mc.tedata.net/authpriv.log"); };

destination maillog { program("/usr/local/bin/syslog-mail-perl"); };

log { source(sme); destination(maillog); };
===============
Thanks

---------- Post updated at 07:47 AM ---------- Previous update was at 02:55 AM ----------

Dears, I still have a small problem: when it tries to send emails, I found that I must restart syslog every time to send the mails to sendmail. In other words, it buffers the emails till I restart syslog-ng, then it forwards them to sendmail and I can see them in the mail log.
Do you have any idea about that?
Thanks

the perl script

+++++++++++++++++++++++++++++++++++=
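#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
# -n runs this script once for every line read from standard input.

$TO = 'reaky@domain.com';
$FROM = $TO;

# As posted, this substitution has an empty replacement and changes nothing.
s/^//;

# Pipe the message to sendmail; -t takes the recipients from the headers.
open(MAIL, "|/usr/sbin/sendmail -t") or die "cannot run sendmail: $!";

print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_

EOT

close(MAIL);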
+++++++++++++++++++++++++++++++++++++++

Last edited by reaky; 07-06-2009 at 10:21 AM..
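
An added example (not part of the original thread and not reaky's or balabit's code): a Python handler for the program() destination that applies the sender and severity 4 --> 0 filter asked about above and treats log text as untrusted before it reaches a mail header. The `<PRI>sender message` line layout (for instance from a destination template such as `template("<$PRI>$SOURCEIP $MSG\n")`), the constants and the function names are assumptions.

```python
import re
import subprocess
import sys
from email.message import EmailMessage

ALERT_HOST = "192.168.1.1"        # sender to alert on (example IP from the thread)
MAX_SEVERITY = 4                  # alert on severity 4 (warning) down to 0 (emerg)
MAIL_TO = "myemail@mydomain.com"  # placeholder address from the thread
LINE_RE = re.compile(r"^<(\d{1,3})>(\S+) (.*)$")  # assumed "<PRI>sender message"

def parse_line(line):
    """Return (facility, severity, host, msg), or None for a malformed line."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2), m.group(3)

def build_alert(line):
    """Build the mail for a line that passes the host and severity filter."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    facility, severity, host, msg = parsed
    if host != ALERT_HOST or severity > MAX_SEVERITY:
        return None
    # Anyone who can reach port 514 controls msg: drop control characters
    # so it cannot add header lines, and cap what goes into the Subject.
    clean = "".join(c for c in msg if c.isprintable())
    mail = EmailMessage()
    mail["To"] = MAIL_TO
    mail["From"] = MAIL_TO
    mail["Subject"] = f"Log alert {host} sev={severity}: {clean[:80]}"
    mail.set_content(clean + "\n")
    return mail

def main():
    # readline() returns each line as it arrives; syslog-ng keeps the pipe open.
    for line in iter(sys.stdin.readline, ""):
        mail = build_alert(line)
        if mail is not None:
            subprocess.run(["/usr/sbin/sendmail", "-t"],
                           input=mail.as_bytes(), check=False)

if __name__ == "__main__":
    main()
```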

#4 | balabit | 07-06-2009
Try to set flush_timeout(1000). Hopefully that way syslog-ng will send out the messages.
See 8.2. Destination drivers for details.

#5 | reaky | 07-07-2009
I tried the option, but it didn't work either.
All times are GMT -4.