Which syslog daemon are you running (sorry, no z/Linux here). Old-style syslog, syslog-ng, or rsyslogd? They are different in their capabilities.
One thing which should work on all of them is to make your own daemon which monitors the appropriate syslog file in the filesystem (you must tell the syslog to write to this file). You could do this something like: tail -f /var/log/log-file-with-messages | myprocessing-program You might look at the --follow= and --retry options of tail as well. Or you could emulate the tail -f processing in your own "myprocessing-program" program. syslog-ng could send the syslog messages out to a specific UDP port on a specific IP address (127.0.0.1 for localhost) or a UNIX socket. You program could accept data from this and do whatever you desire. Or even directly to a program! There are examples in the /usr/share/doc/syslog-ng*/ subdirectory. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: Linux on 390 Port [mailto:[email protected]] On > Behalf Of Kern, Thomas > Sent: Monday, December 28, 2009 12:02 PM > To: [email protected] > Subject: PROP-like action routines for linux syslog ? > > Given a series of linux servers sending their filtered syslog > messages to a central server, is there some facility in linux > syslog (or an add-on) that can parse the incoming messages > and based on message content trigger some linux action > routine? Action routines might send email to some support > staff, invoke some other program (data collection/archive) or > issue a command to another server via a properly authorized path. > > /Thomas Kern > /301-903-2211 (Office) > /301-905-6427 (Mobile) > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO > LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
