Date: Wed, 05 Apr 2017 15:29:40 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Ian Smith <smithi@nimnet.asn.au> Cc: freebsd-questions@freebsd.org Subject: Re: syslog.conf - log records to a script Message-ID: <58E545A4.6070407@gmail.com> In-Reply-To: <20170405234624.T53970@sola.nimnet.asn.au> References: <mailman.33104.1491386390.4389.freebsd-questions@freebsd.org> <20170405234624.T53970@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian Smith wrote:
> In freebsd-questions Digest, Vol 670, Issue 3, Message: 7
> On Tue, 04 Apr 2017 15:22:15 -0400 Ernie Luzar <luzar722@gmail.com> wrote:
>
> > In syslog.conf I have these 2 lines.
> > local0.* /var/log/security
> > local0.* | exec /usr/local/bin/ipf.table
>
> The example in syslog.conf(5) uses no space between '|' and 'exec'. I'm
> not sure whether that matters, but it's easy to test.
>
> > The security log file is being populated and working fine.
> > Now I want to pipe the same log records to a script for processing.
> >
> > I'm using a very simple script to verify that the test script is being
> > handed all the log records. My test ipf.table script looks like this,
> >
> > #! /bin/sh
>
> It's traditional (at least) to have no space between '#!' and '/bin/sh'.
> I'm not entirely sure that matters either, but it's also an easy test.
>
> > read line
> > echo "$line" >> /var/log/ipf.table.log
> >
> > When I issue "service syslogd restart" I get no errors.
> >
> > The ipf.table.log gets populated with the first log record and them
> > nothing happens after that even though I can see more entries being
> > logged to /var/log/security.
> >
> > What am I doing wrong here?
>
> I'm not sure :)
>
> Is /usr/local/bin/ipf.table owned by root and set executable?
> Any error reports in /var/log/messages or /var/log/console.log?
>
> cheers, Ian
>
Thank you for desk checking this. All ways better to have a second pair
of eyes looking things over.
I made the changes you suggested and like you though it made no
difference. The script permissions are correct. If they were not, the
single record would not have processed.
I issued "ps ax" and I don't see the ipf.table script running.
I made this simple change to the ipf.table script;
while read line; do
echo "$line" >> /var/log/ipf.table.log
done
exit 0
Now the "ps ax" command shows it running and the /var/log/ipf.table.log
file has the same content as the /var/log/security file. So its working
like I wanted. Don't understand why, but thats ok.
Thanks for your help.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58E545A4.6070407>