Date: Sat, 09 Mar 2002 17:55:46 -0500
From: "Eric I. Arnoth" <earnoth@comcast.net>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: syslog.conf problems
Message-ID: <0GSQ002AUAHYKE@mtaout01.icomcast.net>
In-Reply-To: <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there>
References: <20020221030958.QQRM18863.femail11.sdc1.sfba.home.com@there> <20020221041623.Q48401@blossom.cjclark.org> <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there>
[-- Attachment #1 --]
Since the original thread below, I've come quite a long way in my script, but
now I have a more difficult issue. Syslog calls the script correctly, but I
find it does not call the script for every instance of the event logging
which I have set it up for.
Specifically, I have written a Python script to read & parse ipfw output from
syslog. I have added the following line to my syslog.conf file:
security.* |exec /root/ipfwloggerc.py
But not every firewall log event which is written to /var/log/security
results in an execution of /root/ipfwloggerc.py. In simple tests, I
truncated the script to simply append the output to a file, and do no
processing. On the average there was between 40% - 60% execution rates.
What's going on? Is this a syslog issue? If anyone replies, please be sure
to CC me, as I do not subscribe to this list anymore.
Kind regards,
Eric
On Thursday 21 February 2002 22:36, Eric I.Arnoth wrote:
> On Thursday 21 February 2002 07:16, you wrote:
> > You'll kick yourself. Is /hello_log.sh set executable?
>
> Ugghh....no, it wasn't. <sigh>
>
> Now that I chmod'd it properly, the bourne script runs just fine. I then
> tried to make it echo the line to my python script, thusly:
> --------------------------------------------------------
> #!/bin/sh
> read line
> echo "$line" | /hello_log.py
> --------------------------------------------------------
> It works just fine. Thus explaining to me the man page's comments about
> shell script wrapper to set up the run-once-and-die mechanism.
>
> So now that I have the proof of concept, I can do whatever I want in
> Python, such as parse the output and send it to Postgresql.
>
> Thanks much for the simple assist, though I am quite embarrassed that it was
> such a simple detail. I still don't understand why the Python script on its
> own won't run properly. (It is 755 perm ;-)
>
> hello_log.py
> --------------------------------------------------------
> #!/usr/local/bin/python
> import sys
>
> test_file = open("/test.out", 'a')
> test_file.write(sys.__stdin__.read())
> test_file.flush()
> test_file.close()
> sys.exit()
> --------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
[-- Attachment #2 --]
#!/usr/local/bin/python
import sys
import os
import time
import syslog
import traceback

if __name__=='__main__':
    syslog.openlog("ipfwloggerc")
    try:
        outfile = open("/root/test.out", "a")
    except:
        # Report the failure through syslog, one traceback entry per message
        traceback_info = traceback.format_exception(sys.exc_info()[0], \
                sys.exc_info()[1], sys.exc_info()[2])
        for tb_item in traceback_info:
            syslog.syslog(syslog.LOG_ERR, tb_item)
        # Without an output file there is nothing left to do
        sys.exit(1)
    # Read a single line from the pipe and append it to the test file
    output = sys.__stdin__.readline()
    outfile.write(output)
    outfile.flush()
    outfile.close()
[-- Attachment #3 --]
6:02pm[246]# wc /var/log/security
3 36 253 /var/log/security
6:03pm[247]# wc /var/log/security
13 166 1133 /var/log/security
6:04pm[248]# wc /var/log/security
14 180 1227 /var/log/security
6:05pm[249]# wc /var/log/security
20 259 1759 /var/log/security
6:05pm[250]#
--------------------------------------------------------------------------------
6:02pm[39]# wc test.out
0 0 0 test.out
6:03pm[40]# wc test.out
6 74 500 test.out
6:04pm[41]# wc test.out
7 88 594 test.out
6:05pm[42]# wc test.out
10 125 841 test.out
6:05pm[43]#
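
Added example, not part of the original message or its attachments: syslog.conf(5) describes the pipe action as starting the command when data arrives and restarting it only after it has exited, so several messages can reach one process on the same pipe and a handler that does a single readline() handles only the first. The sketch below compares that with reading until EOF; the ipfw line layout, the sample lines and all function names are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example (not the poster's script): handle every line on the syslogd pipe.
import io
import re
import sys

# Assumed ipfw log layout: "ipfw: <rule> <action> <proto> <src> <dst> <in|out> via <if>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample: three messages delivered on the same pipe
SAMPLE = (
    "Mar  9 18:02:11 gw /kernel: ipfw: 500 Deny TCP 192.0.2.10:4312 198.51.100.5:23 in via xl0\n"
    "Mar  9 18:02:11 gw /kernel: ipfw: 500 Deny TCP 192.0.2.10:4313 198.51.100.5:25 in via xl0\n"
    "Mar  9 18:02:12 gw /kernel: ipfw: 600 Deny UDP 192.0.2.77:53 198.51.100.5:1029 in via xl0\n"
)

def read_once(stream):
    """One readline() and return, as in the test script: later lines are never handled."""
    line = stream.readline()
    return [line] if line else []

def read_all(stream):
    """Keep reading until EOF, i.e. until the writer closes the pipe."""
    return list(iter(stream.readline, ""))

def parse(line):
    """Return the ipfw fields as a dict, or None for a non-ipfw line."""
    match = IPFW_RE.search(line)
    return match.groupdict() if match else None

def demo():
    """Lines handled by each strategy when three messages share one pipe."""
    return len(read_once(io.StringIO(SAMPLE))), len(read_all(io.StringIO(SAMPLE)))

def main(stream=sys.stdin, out_path="/root/test.out"):
    with open(out_path, "a") as out:
        for line in iter(stream.readline, ""):
            record = parse(line)
            if record is not None:
                out.write("%(rule)s %(action)s %(proto)s %(src)s %(dst)s\n" % record)
                out.flush()  # make each event visible as soon as it is handled

if __name__ == "__main__":
    main()
```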
