Logging, Syslog and Log Analysis Forums
September 02, 2010, 05:39:10 pm *
 1 
 on: August 31, 2010, 09:42:38 pm 
Started by ipghost - Last post by ideaza
Thank admin

 2 
 on: August 31, 2010, 09:07:52 pm 
Started by ideaza - Last post by ideaza
I have set it up with:
    syslog-ng-2.1.3-1.i386.rpm
    libevtlog0-0.2.8-1.i386.rpm
    libdbi8-0.8.2bb2-3.rhel5.i386.rpm
    libdbi8-dev-0.8.2bb2-3.rhel5.i386.rpm


Help me. Please comment.

 3 
 on: August 31, 2010, 05:54:32 am 
Started by ideaza - Last post by Admin
What version of syslog-ng are you using?

 4 
 on: August 31, 2010, 04:55:32 am 
Started by ideaza - Last post by ideaza
help me !

 5 
 on: August 26, 2010, 10:50:33 am 
Started by raubvogel - Last post by raubvogel
You are right; in fact they even have a bug entry on those issues: https://bugs.launchpad.net/ubuntu/+source/syslog-ng/+bug/550596

I am harassing them to backport syslog-ng 3.X to 10.04 LTS, https://bugs.launchpad.net/ubuntu/+source/syslog-ng/+bug/503621

 6 
 on: August 26, 2010, 02:22:42 am 
Started by ideaza - Last post by ideaza
I want to do what this link describes: http://www.syslog.org/logged/pot-of-syslog-ng-tricks-version-1/#more-148

Sending An Email Alert Using Syslog-NG

The program() function in syslog-ng can do this for us, but not directly. First, we need a small perl script:
emaillogs.pl

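#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
# -n runs the body once for every line syslog-ng writes to stdin.

$TO = 'root@localhost';
$FROM = $TO;

# strip the leading <PRI> field from the message
s/^<\d{1,2}>//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: Log Alert: $_

$_

EOT

# close the pipe so each message is handed to sendmail immediately
close(MAIL);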

Next, we configure syslog-ng to use that script:

filter f_failure { match("failure"); };
source s_net { udp(); };
destination d_alert { program("/var/tmp/emaillogs.pl"); };
log { source(s_net); filter(f_failure); destination(d_alert); };

Now, syslog-ng is set to send an email each time a log is received that contains the word “failure”.

 7 
 on: August 26, 2010, 02:16:46 am 
Started by ideaza - Last post by ideaza
from code Reply #1

run pass

Mail to the inbox is working, but when syslog-ng runs the script, sendmail does not stop.


English is not my dominant language.

 8 
 on: August 25, 2010, 06:11:03 am 
Started by ideaza - Last post by Admin
If you replace the destination that sends the emails with a destination that writes to a log file, do you see logs show up there? 

Do you have the MTA (sendmail or other) set up correctly to handle email?

 9 
 on: August 25, 2010, 04:22:06 am 
Started by ideaza - Last post by ideaza
And it does not
  destination mail-alert { program("/usr/local/bin/syslog-mail-perl"); };
 
  filter f_attack_alert {
      match("attackalert");
  };
 
  # find messages with "attackalert" in them, and send to the mail-alert script
  log {
   source(src);
   filter(f_attack_alert);
   destination(mail-alert);
   };


file syslog-mail

#!/bin/bash
#requires: date,sendmail
function fappend {
    echo "$2">>$1;
}
YYYYMMDD=`date +%Y%m%d`
#datefull=`date +%m/%d/%y%nTIME:%H:%M:%S`
datefull=`date +%m/%d/%y%tTIME:%H:%M:%S`

# CHANGE THESE
TOEMAIL="email1@gmail.com";
FREMAIL="email2@gmail.com";
SUBJECT="Match Filter SYSLOG-NG - $YYYYMMDD";
MSGBODY="This is alert notice";

# DON'T CHANGE ANYTHING BELOW
TMP="/root/filter"$RANDOM;

rm -rf $TMP;
fappend $TMP "From: $FREMAIL";
fappend $TMP "To: $TOEMAIL";
fappend $TMP "Reply-To: $FREMAIL";
fappend $TMP "Subject: $SUBJECT";
fappend $TMP "";
#fappend $TMP "$MSGBODY";
fappend $TMP "Match Filter Message - $YYYYMMDD";
fappend $TMP "By idea";
fappend $TMP "Contact E-mail wathit@ti.co.th";
fappend $TMP "";
fappend $TMP "Test Match Filter Message - $datefull";
fappend $TMP "Bye bye";
cat $TMP|sendmail -t;
rm $TMP;


Sending mail is OK, but the sending does not stop.
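
Added example, not part of the original post or of syslog-ng: the program() destination starts its script once, writes each matching message to the script's standard input, and starts it again whenever it exits, so a script that sends one mail and exits without reading stdin is relaunched and mails repeatedly; the version below stays alive and sends one mail per received line, with control characters stripped so log content cannot add mail headers. The addresses, the `--loop` argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: a long-running mail script for a syslog-ng program() destination.
# Assumed call in syslog-ng.conf: program("/usr/local/bin/syslog-mail --loop");
TOEMAIL="${TOEMAIL:-root@localhost}"        # placeholder recipient
FREMAIL="${FREMAIL:-root@localhost}"        # placeholder sender
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"

# Remove the leading <PRI> field and every control character (CR, LF, tab, ...)
# so text taken from a log line can never start a new header line.
clean_line() {
    printf '%s' "$1" | sed 's/^<[0-9]\{1,3\}>//' | tr -d '\000-\037\177'
}

# Print one complete message (headers, blank line, body) for one log line.
# Built in a pipe, so no temporary file is needed.
build_mail() {
    msg=$(clean_line "$1")
    subj=$(printf '%s' "$msg" | cut -c1-120)   # keep the Subject short
    printf 'From: %s\nTo: %s\nSubject: Log Alert: %s\n\n%s\n' \
        "$FREMAIL" "$TOEMAIL" "$subj" "$msg"
}

# Block on stdin and send one mail per line; returns only when syslog-ng
# closes the pipe (shutdown or reload).
mail_loop() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        build_mail "$line" | "$SENDMAIL" -t
    done
}

# Only enter the loop when asked to, so the functions can be tested alone.
if [ "${1:-}" = "--loop" ]; then mail_loop; fi
```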

 10 
 on: August 25, 2010, 04:15:25 am 
Started by ideaza - Last post by ideaza
Hi everyone:


I don't know how to send alerts from the system to
my mail. Can anyone give me some hints?

Thanks for the help.


I tried but failed. It does not send mail.

"With this you can match message content (in this case the string "attackalert") and mail them. In syslog-ng.conf:"

  destination mail-alert-perl { program("/usr/local/bin/syslog-mail-perl"); };
 
  filter f_attack_alert {
      match("attackalert");
  };
 
  # find messages with "attackalert" in them, and send to the mail-alert script
  log {
   source(src);
   filter(f_attack_alert);
   destination(mail-alert-perl);
   };



file syslog-mail-perl

#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'email@dot.com';
$FROM = $TO;

s/^<\d{1,2}>//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: Log Alert: $_

$_

EOT

close(MAIL);

