syslog-ng to trigger rancid

[longman]

Hi, Guys,

I am new to syslog-ng. I have successfully installed it and integrated with mysql and php. My question is how can I make syslog-ng to start rancid when a syslog configuration message is received from a cisco device:

112578: 1564643: May 15 09:05:19.141 EEST: %SYS-5-CONFIG_I: Configured from console by ******** on vty0 (10.10.10.10).

So far I know that I have to use the program() directive. But how can I pass the hostname and other parameters to rancid?

Thanks in advance,

Longman

[longman]

Here is what I am trying to do:

######################
filter f_conf {
   match("SYS-5-CONFIG");
};


destination d_rancid {
        program("sudo -u rancid -i /home/rancid/bin/rancid-run -r $HOST");
};

log {
   source(s_all);
   filter(f_conf);
   destination(d_rancid);
};
######################

There are 2 problems with this config:
1. The "program" runs continuously
2. The $HOST macros is not recognized

Apparently, this is not the correct configuration.

Please Help

Regards,

Longman

Please help

[mutex]

I think that you have a misunderstanding of how the program() destination works.

So, on startup of syslog-ng, the "program" specified in the destination is started and waits for input.  This is done so you are not forking processes like mad as logs are coming in.  So this explains observation #1.

The subsequent problem caused by the above fact is that $HOST isn't set at the time "program" is invoked.

I found this thread:
http://thread.gmane.org/gmane.comp.syslog-ng/2151/focus=2154

Basically, you can create a perl script that is invoked with the program() call, then that script would be made to call rancid with the appropriate parameters grocked from the message.