Stroller writes:
> All I want is a simple email notification when $string appears in the
> log.
>
> I'm actually a little surprised that there isn't a syslogger which can
> parse stuff as it writes it out, and thus perform actions, such as
> mailing. I'm assuming there isn't, since no-one has mentioned it.

If you only need to filter for single lines, I'd think every syslogger can
do this. I have this in /etc/metalog.conf:

  ISDN calls :

    facility = "kern"
    regex    = "isdn_tty: call from"
    logdir   = "/var/log/callers"
    command  = "/usr/local/sbin/ring.sh"

  Password failures :

    regex    = "(password|login|authentication)\s+(fail|invalid)"
    regex    = "(failed|invalid)\s+(password|login|authentication|user)"
    regex    = "ILLEGAL ROOT LOGIN"
    logdir   = "/var/log/pwdfail"
    # command = "/usr/local/sbin/mail_pwd_failures.sh"

The scripts get the syslog line as argument. However, the
mail_pwd_failures.sh script would be called twice because I get two
matching lines when I give a wrong password (one by pam_unix, one by
pam_authenticate).
Wonko
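
An added example, not part of the original post and not Wonko's script: one way a hypothetical mail_pwd_failures.sh could treat the matched line as untrusted data and merge the duplicate pam_unix/pam_authenticate hits into one mail. It assumes the log text arrives as arguments (as the post describes) and that a mailx-style `mail` is installed; STATE_DIR, WINDOW and RCPT are assumed names.

```shell
#!/bin/sh
# Added example: hypothetical /usr/local/sbin/mail_pwd_failures.sh
# Assumption (from the post): metalog passes the matching log text as arguments.
# That text is attacker-influenced (e.g. whatever was typed as the user name),
# so it is only ever handled as quoted data, never evaluated.

STATE_DIR="${STATE_DIR:-/var/run/pwdfail}"  # assumed location for dedup state
WINDOW="${WINDOW:-10}"                      # seconds in which repeats are merged
RCPT="${RCPT:-root}"                        # assumed recipient

# Strip control characters so the line cannot smuggle extra lines or
# terminal escape sequences into the mail, and cap its length.
sanitize() {
    printf '%s' "$1" | tr -d '\000-\037\177' | cut -c1-500
}

# Return 0 if a mail should go out now, 1 if one went out within WINDOW.
# This merges the two lines one wrong password produces, and also
# rate-limits mail during a burst of failures.
should_notify() {
    now=$(date +%s)
    stamp="$STATE_DIR/last"
    mkdir -p "$STATE_DIR" || return 0       # no state dir: prefer mailing
    last=$(cat "$stamp" 2>/dev/null)
    case "$last" in ''|*[!0-9]*) last=0 ;; esac   # ignore a corrupt stamp
    [ $((now - last)) -lt "$WINDOW" ] && return 1
    printf '%s\n' "$now" > "$stamp"
}

notify() {
    line=$(sanitize "$*")
    should_notify || return 0
    printf 'Login failure logged on %s:\n\n%s\n' "$(hostname)" "$line" |
        mail -s "Password failure" "$RCPT"
}

# Only act when called with a log line, as metalog would call it.
if [ $# -gt 0 ]; then
    notify "$@"
fi
```

The full record of every failure still lands in /var/log/pwdfail; the window only limits how often mail is sent.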