Date: Tue, 11 Apr 2017 22:12:19 +0800 From: Ben Woods <woodsb02@gmail.com> To: Ernie Luzar <luzar722@gmail.com> Cc: FreeBSD questions <freebsd-questions@freebsd.org> Subject: Re: pipe syslog records to a script Message-ID: <CAOc73CAT7tjizi%2B1c%2BeZgbWnCWP6UWPGHxJFtO9K2VKqTchMJQ@mail.gmail.com> In-Reply-To: <58E2C19A.40306@gmail.com> References: <58E2C19A.40306@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 April 2017 at 05:41, Ernie Luzar <luzar722@gmail.com> wrote:
> Hello list;
>
> In syslog.conf I have these 2 lines.
> local0.* /var/log/security
> local0.* | exec /usr/local/bin/ipf.table
>
> The security log file is being populated and working fine.
> Now I want to pipe the same log records to a script for processing.
>
> The ipf.table script looks like this
>
> #! /bin/sh
> $1 >> /var/log/ipf.table.log1
> $@ >> /var/log/ipf.table.log2
> $* >> /var/log/ipf.table.log3
>
> service syslogd restart
>
> The ipf.table.log1, 2, 3 never get populated even though I see new entries
> in the security.log file.
>
> What am I doing wrong here?
>
Hi Ernie,
I never even realised there was a feature in FreeBSD's syslog to pipe the
log to a command. Interesting!
I have just played around with this, and the problem you are facing is that
the log entry is piped to the command as stdin, not passed as an argument.
Use something like the following in your script to process the log as stdin:
while read LINE; do
echo ${LINE} >> /var/log/ipf.table.log1
done
Good luck!
Regards,
Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOc73CAT7tjizi%2B1c%2BeZgbWnCWP6UWPGHxJFtO9K2VKqTchMJQ>