From: Ben Woods
Date: Tue, 11 Apr 2017 22:12:19 +0800
Subject: Re: pipe syslog records to a script
To: Ernie Luzar
Cc: FreeBSD questions

On 4 April 2017 at 05:41, Ernie Luzar wrote:

> Hello list;
>
> In syslog.conf I have these 2 lines.
> local0.* /var/log/security
> local0.* | exec /usr/local/bin/ipf.table
>
> The security log file is being populated and working fine.
> Now I want to pipe the same log records to a script for processing.
>
> The ipf.table script looks like this
>
> #! /bin/sh
> $1 >> /var/log/ipf.table.log1
> $@ >> /var/log/ipf.table.log2
> $* >> /var/log/ipf.table.log3
>
> service syslogd restart
>
> The ipf.table.log1, 2, 3 never get populated even though I see new entries
> in the security.log file.
>
> What am I doing wrong here?
>

Hi Ernie,

I never even realised there was a feature in FreeBSD's syslog to pipe the
log to a command. Interesting!

I have just played around with this, and the problem you are facing is that
the log entry is piped to the command as stdin, not passed as an argument.

Use something like the following in your script to process the log as stdin:

# IFS= and -r keep each record exactly as received; the quotes stop
# word splitting and glob expansion of the log text.
while IFS= read -r LINE; do
    echo "${LINE}" >> /var/log/ipf.table.log1
done

Good luck!

Regards,
Ben
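The point of the reply above, as an added example that is not part of the original message: a pipe target that takes each record from stdin and stores it unchanged, handling the log text only as quoted data. `OUT`, `handle_records` and `demo` are hypothetical names, and the sample records are constructed.

```sh
#!/bin/sh
# Sketch of a syslogd pipe target such as /usr/local/bin/ipf.table.
# OUT is a hypothetical variable so the self-check can write to a temp
# file instead of /var/log.
OUT="${OUT:-/var/log/ipf.table.log1}"

# Append every record arriving on stdin to $OUT, unchanged.
# Log text can contain anything a remote party managed to get logged,
# so it is only ever used as quoted data: never expanded unquoted and
# never run as a command.
handle_records() {
    # IFS= keeps leading/trailing blanks, -r keeps backslashes literal.
    # The "|| [ -n ... ]" part also stores a last line with no newline.
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" >> "$OUT"
    done
}

# Self-check: feed constructed records the way syslogd delivers them
# (on stdin, with no arguments); returns 0 only if they are stored
# byte for byte.
demo() {
    tmp=$(mktemp -d) || return 1
    OUT="$tmp/records.log"
    # Constructed sample records, not real log output.
    printf '%s\n' \
        'Apr 11 14:12:21 host1 test[512]: glob * and  two spaces' \
        'Apr 11 14:12:22 host1 test[512]: C:\temp $(id) `id`' \
        > "$tmp/input"
    handle_records < "$tmp/input"
    cmp -s "$tmp/input" "$OUT"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run "sh thisfile --selftest" to check the behaviour by hand.
# As a real pipe target, end the script with a bare: handle_records
if [ "${1:-}" = "--selftest" ]; then
    demo && echo "records preserved"
fi
```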