From owner-freebsd-questions Sat Mar 9 14:58:51 2002 Delivered-To: freebsd-questions@freebsd.org Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by hub.freebsd.org (Postfix) with ESMTP id 859E037B417; Sat, 9 Mar 2002 14:58:47 -0800 (PST) Received: from there (pcp01490944pcs.maplln01.de.comcast.net [68.82.36.167]) by mtaout01.icomcast.net (iPlanet Messaging Server 5.1 (built Feb 6 2002)) with SMTP id <0GSQ002ASAHYKE@mtaout01.icomcast.net>; Sat, 09 Mar 2002 17:58:46 -0500 (EST) Date: Sat, 09 Mar 2002 17:55:46 -0500 From: "Eric I. Arnoth" Subject: Re: syslog.conf problems In-reply-to: <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there> To: "Crist J. Clark" Cc: freebsd-questions@FreeBSD.ORG Reply-To: earnoth@comcast.net Message-id: <0GSQ002AUAHYKE@mtaout01.icomcast.net> MIME-version: 1.0 X-Mailer: KMail [version 1.3] Content-type: multipart/mixed; boundary="Boundary_(ID_/NFTfj655l9LOLalp2NQzg)" References: <20020221030958.QQRM18863.femail11.sdc1.sfba.home.com@there> <20020221041623.Q48401@blossom.cjclark.org> <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Boundary_(ID_/NFTfj655l9LOLalp2NQzg) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT Since the original thread below, I've come quite a long way in my script, but now I have more difficult issue. Syslog calls the script correctly, but I find it does not call the script for every instance of the event logging which I have set it up for. Specifically, I have written a Python script to read & parse ipfw output from syslog. I have added the following line to my syslog.conf file: security.* |exec /root/ipfwloggerc.py But not every firewall log event which is written to /var/log/security results in an execution of /root/ipfwloggerc.py. In simple tests, I truncated the script to simply append the output to a file, and do no processing. On the average there was between 40% - 60% execution rates What's going on? Is this a syslog issue? If anyone replies, please be sure to CC me, as I do not subscribe to this list anymore. Kind regards, Eric On Thursday 21 February 2002 22:36, Eric I.Arnoth wrote: > On Thursday 21 February 2002 07:16, you wrote: > > You'll kick yourself. Is /hello_log.sh set executable? > > Ugghh....no, it wasn't. > > Now that I chmod'd it properly, the bourne scipt runs just fine. I then > tried to make it echo the line to my python script, thusly: > -------------------------------------------------------- > #!/bin/sh > read line > echo "$line" | /hello_log.py > -------------------------------------------------------- > It works just fine. Thus explaining to me the man page's comments about > shell script wrapper to set up the run-once-and-die mechanism. > > So now that I have the proof of concept, I can do whatever I want in > Python, such as parse the output and send it to Postgresql. > > Thanks much for the simple assist, though I am quite embarassed that it was > such a simple detail. I still don't understand why the Python script on it > won't run properly. (It is 755 perm ;-) > > hello_log.py > -------------------------------------------------------- > #!/usr/local/bin/python > import sys > > test_file = open("/test.out", 'a') > test_file.write(sys.__stdin__.read()) > test_file.flush() > test_file.close() > sys.exit() > -------------------------------------------------------- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message --Boundary_(ID_/NFTfj655l9LOLalp2NQzg) Content-type: application/x-python; name=ipfwloggerc.py Content-transfer-encoding: base64 Content-disposition: attachment; filename=ipfwloggerc.py IyEvdXNyL2xvY2FsL2Jpbi9weXRob24KaW1wb3J0IHN5cwppbXBvcnQgb3MKaW1wb3J0IHRpbWUK aW1wb3J0IHN5c2xvZwppbXBvcnQgdHJhY2ViYWNrCgoKaWYgX19uYW1lX189PSdfX21haW5fXyc6 CiAgICBzeXNsb2cub3BlbmxvZygiaXBmd2xvZ2dlcmMiKQogICAgdHJ5OgogICAgICAgIG91dGZp bGUgPSBvcGVuKCIvcm9vdC90ZXN0Lm91dCIsICJhIikKICAgIGV4Y2VwdDoKICAgICAgICB0cmFj ZWJhY2tfaW5mbyA9IHRyYWNlYmFjay5mb3JtYXRfZXhjZXB0aW9uKHN5cy5leGNfaW5mbygpWzBd LCBcCiAgICAgICAgICAgICAgICAgICAgc3lzLmV4Y19pbmZvKClbMV0sIHN5cy5leGNfaW5mbygp WzJdKQogICAgICAgIGZvciB0Yl9pdGVtIGluIHRyYWNlYmFja19pbmZvOgogICAgICAgICAgICBz eXNsb2cuc3lzbG9nKHN5c2xvZy5MT0dfRVJSLCB0Yl9pdGVtKQoKICAgIG91dHB1dCA9IHN5cy5f X3N0ZGluX18ucmVhZGxpbmUoKQogICAgb3V0ZmlsZS53cml0ZShvdXRwdXQpCiAgICBvdXRmaWxl LmZsdXNoKCkKICAgIG91dGZpbGUuY2xvc2UoKQoK --Boundary_(ID_/NFTfj655l9LOLalp2NQzg) Content-type: text/plain; charset=iso-8859-1; name=test.output Content-transfer-encoding: 7BIT Content-disposition: attachment; filename=test.output 6:02pm[246]# wc /var/log/security 3 36 253 /var/log/security 6:03pm[247]# wc /var/log/security 13 166 1133 /var/log/security 6:04pm[248]# wc /var/log/security 14 180 1227 /var/log/security 6:05pm[249]# wc /var/log/security 20 259 1759 /var/log/security 6:05pm[250]# -------------------------------------------------------------------------------- 6:02pm[39]# wc test.out 0 0 0 test.out 6:03pm[40]# wc test.out 6 74 500 test.out 6:04pm[41]# wc test.out 7 88 594 test.out 6:05pm[42]# wc test.out 10 125 841 test.out 6:05pm[43]# --Boundary_(ID_/NFTfj655l9LOLalp2NQzg)-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message