Stroller writes: > All I want is a simple email notification when $string appears in the > log. > > I'm actually a little surprised that there isn't a syslogger which can > parse stuff as it writes it out, and thus perform actions, such as > mailing. I'm assuming there isn't, since no-one has mentioned it.
If you only neet to filter for single lines, I'd think every syslogger can do this. I have this in /etc/metalog.conf: ISDN calls : facility = "kern" regex = "isdn_tty: call from" logdir = "/var/log/callers" command = "/usr/local/sbin/ring.sh" Password failures : regex = "(password|login|authentication)\s+(fail|invalid)" regex = "(failed|invalid)\s+(password|login|authentication|user)" regex = "ILLEGAL ROOT LOGIN" logdir = "/var/log/pwdfail" # command = "/usr/local/sbin/mail_pwd_failures.sh" The scripts get the syslog line as argument. However, the mail_pwd_failures.sh script would be called twice because I get two matching lines when I give a wrong password (one by pam_unix, one by pam_authenticate). Wonko