Date:      Sat, 09 Mar 2002 17:55:46 -0500
From:      "Eric I. Arnoth" <earnoth@comcast.net>
To:        "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: syslog.conf problems
Message-ID:  <0GSQ002AUAHYKE@mtaout01.icomcast.net>
In-Reply-To: <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there>
References:  <20020221030958.QQRM18863.femail11.sdc1.sfba.home.com@there> <20020221041623.Q48401@blossom.cjclark.org> <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there>


Since the original thread below, I've come quite a long way in my script, but 
now I have a more difficult issue.  Syslog calls the script correctly, but I 
find it does not call the script for every instance of the event logging 
which I have set it up for. 

Specifically, I have written a Python script to read & parse ipfw output from 
syslog.  I have added the following line to my syslog.conf file:

security.*                                      |exec /root/ipfwloggerc.py

But not every firewall log event which is written to /var/log/security 
results in an execution of /root/ipfwloggerc.py.   In simple tests, I 
truncated the script to simply append the output to a file, and do no 
processing.  On the average there was between 40% - 60% execution rates.

What's going on?  Is this a syslog issue?   If anyone replies, please be sure 
to CC me, as I do not subscribe to this list anymore.

Kind regards, 
Eric

On Thursday 21 February 2002 22:36, Eric I.Arnoth wrote:
> On Thursday 21 February 2002 07:16, you wrote:
> > You'll kick yourself. Is /hello_log.sh set executable?
>
> Ugghh....no, it wasn't.  <sigh>
>
> Now that I chmod'd it properly, the Bourne script runs just fine.  I then
> tried to make it echo the line to my python script, thusly:
> --------------------------------------------------------
> #!/bin/sh
> read line
> echo "$line" | /hello_log.py
> --------------------------------------------------------
> It works just fine.  Thus explaining to me the man page's comments about
> shell script wrapper to set up the run-once-and-die mechanism.
>
> So now that I have the proof of concept, I can do whatever I want in
> Python, such as parse the output and send it to Postgresql.
>
> Thanks much for the simple assist, though I am quite embarrassed that it was
> such a simple detail.  I still don't understand why the Python script on it
> won't run properly.  (It is 755 perm  ;-)
>
> hello_log.py
> --------------------------------------------------------
> #!/usr/local/bin/python
> import sys
>
> test_file = open("/test.out", 'a')
> test_file.write(sys.__stdin__.read())
> test_file.flush()
> test_file.close()
> sys.exit()
> --------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

[Attachment: ipfwloggerc.py]

[Attachment: test.output]

6:02pm[246]# wc /var/log/security
       3      36     253 /var/log/security
6:03pm[247]# wc /var/log/security
      13     166    1133 /var/log/security
6:04pm[248]# wc /var/log/security
      14     180    1227 /var/log/security
6:05pm[249]# wc /var/log/security
      20     259    1759 /var/log/security
6:05pm[250]#
--------------------------------------------------------------------------------
6:02pm[39]# wc test.out
       0       0       0 test.out
6:03pm[40]# wc test.out
       6      74     500 test.out
6:04pm[41]# wc test.out
       7      88     594 test.out
6:05pm[42]# wc test.out
      10     125     841 test.out
6:05pm[43]#
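
A syslog.conf pipe action delivers the selected messages to the command on its standard input. The following is an added example, not the attached ipfwloggerc.py or any code from this thread: a reader that stays alive and handles every line until end of input, counting lines it cannot parse instead of dropping them. The ipfw record layout, the field names and the sample lines are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Long-lived reader for a syslog.conf pipe action (added example)."""
import re
import sys

# Assumed layout of an ipfw record as written by syslogd, e.g.
#   Mar  9 18:02:11 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.5:1034 192.168.1.1:22 in via ed0
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>[A-Za-z0-9]+)(?::\S+)? "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw(line):
    """Return a dict of fields for an ipfw record, or None for other lines."""
    m = IPFW_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def consume(stream, sink):
    """Handle every line until EOF; return (parsed, skipped) counts."""
    parsed = skipped = 0
    for line in iter(stream.readline, ""):  # process each line as it arrives
        rec = parse_ipfw(line)
        if rec is None:
            skipped += 1      # counted, so gaps in coverage stay visible
            continue
        sink.append(rec)      # stand-in for the database insert
        parsed += 1
    return parsed, skipped

# Constructed sample records (not taken from the original message).
SAMPLE = (
    "Mar  9 18:02:11 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.5:1034 192.168.1.1:22 in via ed0\n"
    "Mar  9 18:02:12 gw /kernel: ipfw: 500 Deny ICMP:8.0 10.0.0.5 192.168.1.1 in via ed0\n"
    "Mar  9 18:02:13 gw su: BAD SU eric to root on /dev/ttyp0\n"
)

if __name__ == "__main__":
    records = []
    counts = consume(sys.stdin, records)
    print("parsed=%d skipped=%d" % counts, file=sys.stderr)
```

Comparing the parsed and skipped counts against `wc -l /var/log/security` over the same interval shows whether any records failed to reach the reader.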
