From owner-freebsd-questions@freebsd.org  Tue Apr 11 19:18:58 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 96A41D3A640
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 11 Apr 2017 19:18:58 +0000 (UTC)
 (envelope-from luzar722@gmail.com)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com
 [IPv6:2607:f8b0:4001:c06::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5CECAB71
 for <freebsd-questions@freebsd.org>; Tue, 11 Apr 2017 19:18:58 +0000 (UTC)
 (envelope-from luzar722@gmail.com)
Received: by mail-io0-x22d.google.com with SMTP id a103so15289401ioj.1
 for <freebsd-questions@freebsd.org>; Tue, 11 Apr 2017 12:18:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=message-id:date:from:user-agent:mime-version:to:cc:subject
 :references:in-reply-to:content-transfer-encoding;
 bh=LNQls5M9F3Odv/CBrcmszbTtHPnZfVWnDx0oH6Iqeqs=;
 b=FAE13egVqnIgxIY6J+OvIilDeXOVldsIUSMIueAg1hn3oqIIbb5hXeOtVHEUvE+AUB
 WQgD45XK3jSN5AcxjBqIaAFoVWtMvYbJcXvfHitHzbvUPmd3EO8aH6CQAZjI1agIq44R
 QvZHiO0UnuohWB308U8QC1xgKfPQ1+Pzu7wj/t3dX6AhxxXMTV3rMMgeudUcWzzPO8kz
 0OylMyoevsiae/l9aQ61KaEeRBhFS3akPpNccYRgGizYhXSCQRJB/WWvRcBFg9PlSpfp
 8MmZspqJWqIPj6XiJwzJuxd1CuWwuJXKNn5hc2v55Ybn9IsninSEGQ6TN6gIwmZkmFoh
 wRTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
 :cc:subject:references:in-reply-to:content-transfer-encoding;
 bh=LNQls5M9F3Odv/CBrcmszbTtHPnZfVWnDx0oH6Iqeqs=;
 b=nymaoIslNWOPzhlHvIcFM2zyq5fleVw3JRu/MBX8B3uIKTNsgFIH9fFCMBtQDUbMuD
 X1+Y42rcqG0XUgJdrZGf31ipXovHjNjkcmAt2Dp7RaT0hCFitK/C4JHHsp3AL/2UBOqb
 H0/ycO+5Ltlbv+kuuXB/rYoPaIzvZ607pIXGM8p+To9um6mzuMoPQSzGumv7AhtXaqNv
 CFo8px+dMcPejo+WG5HDUptVyca4jIj7MujUmvD4Ubw8r/FgdX5XL9FNU30WrW/KsR5g
 m7CtcQA+D3Bwr10rE+meZoJlLfOJYpV2zxKzmhSh5NJCceYhxDX3e1p0M2DPx5dNz5nY
 SkYw==
X-Gm-Message-State: AN3rC/5upetwyVWTI9pEhL9ZspTJlfucBYOrINeskJrt3//0OHRckh8yS7b9BJUlxIzIIQ==
X-Received: by 10.107.164.106 with SMTP id n103mr8349024ioe.103.1491938337690; 
 Tue, 11 Apr 2017 12:18:57 -0700 (PDT)
Received: from [10.0.10.3] (cpe-74-141-88-57.neo.res.rr.com. [74.141.88.57])
 by smtp.googlemail.com with ESMTPSA id b98sm1291690itd.29.2017.04.11.12.18.57
 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 11 Apr 2017 12:18:57 -0700 (PDT)
Message-ID: <58ED2C33.5020009@gmail.com>
Date: Tue, 11 Apr 2017 15:19:15 -0400
From: Ernie Luzar <luzar722@gmail.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Ben Woods <woodsb02@gmail.com>
CC: FreeBSD questions <freebsd-questions@freebsd.org>
Subject: Re: pipe syslog records to a script
References: <58E2C19A.40306@gmail.com>
 <CAOc73CAT7tjizi+1c+eZgbWnCWP6UWPGHxJFtO9K2VKqTchMJQ@mail.gmail.com>
In-Reply-To: <CAOc73CAT7tjizi+1c+eZgbWnCWP6UWPGHxJFtO9K2VKqTchMJQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Apr 2017 19:18:58 -0000

Ben Woods wrote:
> On 4 April 2017 at 05:41, Ernie Luzar <luzar722@gmail.com 
> <mailto:luzar722@gmail.com>> wrote:
> 
>     Hello list;
> 
>     In syslog.conf I have these 2 lines.
>     local0.*       /var/log/security
>     local0.*      | exec /usr/local/bin/ipf.table
> 
>     The security log file is being populated and working fine.
>     Now I want to pipe the same log records to a script for processing.
> 
>     The ipf.table script looks like this
> 
>     #! /bin/sh
>     $1 >> /var/log/ipf.table.log1
>     $@ >> /var/log/ipf.table.log2
>     $* >> /var/log/ipf.table.log3
> 
>      service syslogd restart
> 
>     The ipf.table.log1, 2, 3 never get populated even though I see new
>     entries in the security.log file.
> 
>     What am I doing wrong here?
> 
> 
> 
> Hi Ernie,
> 
> I never even realised there was a feature in FreeBSD's syslog to pipe 
> the log to a command. Interesting!
> 
> I have just played around with this, and the problem you are facing is 
> that the log entry is piped to the command as stdin, not passed as an 
> argument.
> 
> Use something like the following in your script to process the log as stdin:
> while read LINE; do
>        echo ${LINE} >> /var/log/ipf.table.log1
> done
> 
> Good luck!
> 
> Regards,
> Ben

Ben;
Thanks for the feedback.
By trial and error I also came to the same conclusion,