Title: no mail being generated
Post by: sal_ on January 22, 2010, 09:21:09 pm

Hi everyone.
I am trying to send mail notifications using the syslog-ng program() function and it's not working. I use the same filter to log to a file and the data is going to the file correctly. When I run the script manually, "grep ASA-5-111008 log_file | /usr/local/bin/cisco-cfg.pl", mail is generated. I am including the syslog-ng.cfg snippet and the cisco-cfg.pl code. Any ideas how I can troubleshoot why the email is not being sent from syslog-ng?

Thanks for your help

syslog-ng.conf
===========
source external {
    udp(port(514));
    tcp(ip(0.0.0.0) port(5000) max-connections(300));
};

destination d_cisco_config{ program ("/usr/local/bin/cisco-cfg.pl"); };
destination test { file ("/var/log/HOSTS/test"); };

filter f_firewall_config{ match("ASA-6-605005") or match("ASA-5-111008"); };

log {
    #log to file to test that filter is working
    source(external);
    filter(f_firewall_config);
    destination(test);
};

log {
    source (external);
    filter (f_switch_config);
    destination(d_cisco_config);
};

/usr/local/bin/cisco-cfg.pl
================
#!/usr/bin/perl -n
use strict;
use warnings;

my $d_month = "";
my $d_day = "";
my $d_hour = "";
my $d_min = "";
my $d_sec = "";
my $host = "";
my $user = "";
my $command = "";
my $user_pc = "";
my $interface = "";
my $title = "";
my $to = "";
my $from = "";
my $subject = "";

if (/ASA\-5\-111008/) {
    /(\w{1,3})\s*(\d{1,2})\s(\d{2}):(\d{2}):(\d{2}).*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?'(.*?)'.*?'(.*?)'/;
    $d_month = $1;
    $d_day = $2;
    $d_hour = $3;
    $d_min = $4;
    $d_sec = $5;
    $host = $6;
    $user = $7;
    $command = $8;
    $to = 'user@mail.com';
    $title = "$host Firewall config alert";
    $from = 'root@cadis.net';

    open( MAIL, "|/usr/sbin/sendmail -t");
    print MAIL "EOT";
    ## Mail Header
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: Firewall config change on $host\n\n";
    ## mail body
    print MAIL "Host: $host\n";
    print MAIL "Edited by: $user\n";
    print MAIL "Command issued: $command\n";
    print MAIL "Log stamp: $d_month $d_day $d_hour:$d_min.$d_sec\n";
    print MAIL "\n\n";
    print MAIL "Log message:\n";
    print MAIL "$_\n";
    print MAIL "EOT";
    close( MAIL );
}

Title: Re: no mail being generated
Post by: Admin on January 24, 2010, 10:08:49 am

I will admit I am not a Perl guy, but I do have a working email script. I use this, which works quite well:
Code:
#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
$TO = 'root@localhost';
$FROM = $TO;
s/^<\d{1,2}>//;
open(MAIL, "|/usr/sbin/sendmail -t");
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: Log Alert: $_
$_
EOT
close(MAIL);

The problem with the script you're using may be a problem with the if () condition at the top, which prevents the mail from being sent, but I am not certain.

Title: Re: no mail being generated
Post by: sal_ on January 24, 2010, 11:27:03 am

Thanks for the reply. I tried troubleshooting by taking out the if statement and still nothing.
I also tried writing to a file
print "test\n";
print "$_\n";
and only the "test" string is being written. I think syslog-ng is not passing the data.

Title: Re: no mail being generated
Post by: Admin on January 24, 2010, 01:54:29 pm

I was just looking at your config again and noticed that in this log statement:
log {
    source (external);
    filter (f_switch_config);
    destination(d_cisco_config);
};

There does not appear to be a filter by the name of f_switch_config defined. Is that defined elsewhere in the syslog-ng.conf file?

Title: Re: no mail being generated
Post by: sal_ on January 24, 2010, 02:52:23 pm

Thanks, I fixed the filter name.
I think I'm making progress, I got one email delivered.

Title: Re: no mail being generated
Post by: Admin on January 24, 2010, 04:20:49 pm

Good deal. Let us know what you find or if you need additional help.
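
The cause found in this thread, a log path naming a filter that is never defined, leaves a firewall-change alert silently dead, and it can be caught before the config is deployed. The check below is an added example, not code from any poster or from syslog-ng; its function names and the condensed sample config are assumptions, and it only understands named source()/filter()/destination() references inside flat log { } blocks.

```python
import re

# Constructed sample: the configuration posted in this thread, condensed.
SAMPLE_CONF = r'''
source external { udp(port(514)); tcp(ip(0.0.0.0) port(5000) max-connections(300)); };
destination d_cisco_config { program("/usr/local/bin/cisco-cfg.pl"); };
destination test { file("/var/log/HOSTS/test"); };
filter f_firewall_config { match("ASA-6-605005") or match("ASA-5-111008"); };
log { # log to file to test that filter is working
  source(external); filter(f_firewall_config); destination(test); };
log { source (external); filter (f_switch_config); destination(d_cisco_config); };
'''

KIND = r"(source|filter|destination)"
NAME = r"([\w.-]+)"

def strip_comments(conf):
    # Naive: also cuts a '#' that sits inside a quoted string.
    return re.sub(r"#[^\n]*", "", conf)

def defined_objects(conf):
    """Names declared at top level as '<kind> <name> {', grouped by kind."""
    found = {"source": set(), "filter": set(), "destination": set()}
    for kind, name in re.findall(r"\b" + KIND + r"\s+" + NAME + r"\s*\{", conf):
        found[kind].add(name)
    return found

def log_references(conf):
    """Yield (kind, name) for every reference inside a log { ... }; block."""
    for body in re.findall(r"\blog\s*\{(.*?)\}\s*;", conf, flags=re.S):
        yield from re.findall(r"\b" + KIND + r"\s*\(\s*" + NAME + r"\s*\)", body)

def undefined_references(conf):
    """Sorted (kind, name) pairs that a log path uses but nothing defines."""
    conf = strip_comments(conf)
    defined = defined_objects(conf)
    return sorted({(k, n) for k, n in log_references(conf) if n not in defined[k]})

if __name__ == "__main__":
    for kind, name in undefined_references(SAMPLE_CONF):
        print(f"log path references undefined {kind} '{name}'")
```

Run against the posted configuration it reports the filter f_switch_config, and reports nothing once the log path names f_firewall_config instead.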