Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 6 Apr 2017 01:12:44 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: syslog.conf - log records to a script
Message-ID:  <20170405234624.T53970@sola.nimnet.asn.au>
In-Reply-To: <mailman.33104.1491386390.4389.freebsd-questions@freebsd.org>
References:  <mailman.33104.1491386390.4389.freebsd-questions@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 670, Issue 3, Message: 7
On Tue, 04 Apr 2017 15:22:15 -0400 Ernie Luzar <luzar722@gmail.com> wrote:

 > In syslog.conf I have these 2 lines.
 > local0.*       /var/log/security
 > local0.*      | exec /usr/local/bin/ipf.table

The example in syslog.conf(5) uses no space between '|' and 'exec'.  I'm 
not sure whether that matters, but it's easy to test.

 > The security log file is being populated and working fine.
 > Now I want to pipe the same log records to a script for processing.
 > 
 > I'm using a very simple script to verify that the test script is being 
 > handed all the log records. My test ipf.table script looks like this,
 > 
 > #! /bin/sh

It's traditional (at least) to have no space between '#!' and '/bin/sh'.
I'm not entirely sure that matters either, but it's also an easy test.

 > read line
 > echo "$line" >> /var/log/ipf.table.log
 >
 > When I issue  "service syslogd restart"  I get no errors.
 > 
 > The ipf.table.log gets populated with the first log record and them 
 > nothing happens after that even though I can see more entries being 
 > logged to /var/log/security.
 > 
 > What am I doing wrong here?

I'm not sure :)

Is /usr/local/bin/ipf.table owned by root and set executable?
Any error reports in /var/log/messages or /var/log/console.log?

cheers, Ian



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170405234624.T53970>