Sending email via syslog-ng
Hi friends

I have syslog-ng installed on a RHEL5 server. I made it the central log server for all servers in my network, filtered by IP. Now what I want to do is make it send me an email for a specific log from one of my servers. In other words, when any log is sent from this IP (192.168.1.1, for example), send me an email with this new log value to myemail@mydomain.com.

The following is the part of my syslog-ng.conf that relates to remote servers.

=============================================
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
    file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };
===============================================

Thanks
Best Regards
Reaky
Ok, how about if I want to send just a log using the level of severity, for example from severity 4 --> 0? The following is the full conf file:

===============================================
# configuration file for syslog-ng, customized for remote logging
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };

# Remote logging
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
    file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };

options {
    # Number of syslog lines stored in memory before being written to files
    flush_lines (0);
    # Syslog-ng uses queues
    log_fifo_size (1000);
    # Create log directories as needed
    create_dirs (yes);
    # Make the group "logs" own the log files and directories
    group (logs);
    dir_group (logs);
    # Set the file and directory permissions
    perm (0640);
    dir_perm (0750);
    # Check client hostnames for valid DNS characters
    check_hostname (yes);
    # Specify whether to trust hostname in the log message.
    # If "yes", then it is left unchanged, if "no" the server replaces
    # it with client's DNS lookup value.
    keep_hostname (yes);
    # Use DNS fully qualified domain names (FQDN)
    # for the names of log file folders
    use_fqdn (yes);
    use_dns (yes);
    # Cache DNS entries for up to 1000 hosts for 12 hours
    dns_cache (yes);
    dns_cache_size (1000);
};

# messages and label it "d_localhost"
source s_localhost {
    pipe ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
};

# Define the destination "d_localhost" log directory
destination d_localhost {
    file ("/var/log/syslog-ng/localhost/$FACILITY.log");
};

# Define all the sources of network generated syslog
# messages and label it "d_network"
source s_network {
    tcp(max-connections(5000));
    udp();
};

# Define the destination "d_network" log directory
destination d_network {
    file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
};

# Any logs that match the "s_localhost" source should be logged
# in the "d_localhost" directory
log { source(s_localhost); destination(d_localhost); };
==================================================

---------- Post updated 07-06-09 at 02:55 AM ---------- Previous update was 07-05-09 at 07:18 AM ----------

It worked now successfully with the following

=============
source sme { file("/var/log/syslog-ng/servers/Central.mc.tedata.net/authpriv.log"); };
destination maillog { program("/usr/local/bin/syslog-mail-perl"); };
log { source(sme); destination(maillog); };
===============

Thanks

---------- Post updated at 07:47 AM ---------- Previous update was at 02:55 AM ----------

Dears, I still have a small problem: when it tries to send emails, I found that I must restart syslog every time to send the mails to sendmail. In other words, it buffers the emails till I restart syslog-ng, then it forwards them to sendmail and I can see them in the mail log. Do you have any idea about that?

Thanks

The Perl script:

+++++++++++++++++++++++++++++++++++=
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
$TO = 'reaky@domain.com';
$FROM = $TO;
s/^//;
# One mail per input line; sendmail -t takes the recipients from the headers
open(MAIL, "|/usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_

$_
EOT
close(MAIL);
+++++++++++++++++++++++++++++++++++++++

Last edited by reaky; 07-06-2009 at 09:21 AM.
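An added example, not part of the thread and not the poster's script: a Python stand-in for the `syslog-mail-perl` handler that mails only severities 4 through 0 and strips control characters from the log text before it reaches a mail header. It assumes every line handed to the program starts with the syslog `<PRI>` value; the address is the one from the first post, and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Added example: mail handler for a syslog-ng program() destination."""
import re
import subprocess
import sys
from email.message import EmailMessage

TO = FROM = "myemail@mydomain.com"    # address from the first post
MAX_SEVERITY = 4                       # mail severities 4 (warning) down to 0 (emerg)
PRI_RE = re.compile(r"^<(\d{1,3})>")   # assumed "<PRI>" prefix on every line
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]+")


def parse_line(line):
    """Return (severity, text); severity is None without a valid <PRI> prefix."""
    line = line.rstrip("\r\n")
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None, line
    return int(m.group(1)) % 8, line[m.end():]   # PRI = facility * 8 + severity


def build_alert(line):
    """Return an EmailMessage for an alertable line, else None."""
    severity, text = parse_line(line)
    if severity is None or severity > MAX_SEVERITY:
        return None
    # Log text arrives from the network, so replace control characters
    # (CR, LF, NUL, ...) and cap the length before it goes into a header.
    clean = CONTROL_RE.sub(" ", text)
    msg = EmailMessage()
    msg["To"] = TO
    msg["From"] = FROM
    msg["Subject"] = f"SME Log Alert (severity {severity}): {clean[:120]}"
    msg.set_content(clean + "\n")
    return msg


def main():
    sys.stdin.reconfigure(errors="replace")   # tolerate non-UTF-8 bytes in logs
    for line in sys.stdin:                    # one mail per qualifying line
        msg = build_alert(line)
        if msg is not None:
            subprocess.run(["/usr/sbin/sendmail", "-t"],
                           input=msg.as_bytes(), check=False)


if __name__ == "__main__":
    main()
```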
Try to set flush_timeout(1000). Hopefully that way syslog-ng will send out the messages.
See 8.2.*Destination drivers for details.
I tried the option, but it didn't work either.