On Thu, 16 Dec 2010, Mark Olliver wrote:
Ok,
I think I have got a bit further, now I get an alert correctly however I am
not getting the contents of my message set correctly. As far as I understand
by creating a template I can then call omprog and give it the template name.
It should then execute the program and ARGV0 will be the contents of the
template.
Is that correct?
I don't know, I haven't used omprog yet.
If so then can you tell my error from the following?
#55-alert.conf
$ModLoad omprog
$Template, AlertMSG, "Test Alert\r\n%HOSTNAME%\r\n%timegenerated%\r\n%msg%"
$ActionOMProgBinary /usr/bin/alert_mail
:msg,contains,"warning" :omprog:;AlertMSG
Also I take it %msg% contains the whole message as sent to syslog?
It contains the message, but the message is everything after the syslog
tag, not the timestamp, hostname, etc. You may want to use %rawmsg%
instead, which is _everything_ that was received.
The last question I have is how do I restrict this to just alert me for
queue local5.*
Multiple conditions get uglier. There are three possible approaches:
1. go to the less efficient if (( condition) and (condition)) decisioning
approach
2. carefully order your rules and have the rules prior to this throw away
all messages that are not local5.*
3. use multiple rulesets and have a condition that sends only local5.*
rules to a ruleset that contains this rule.
David Lang
Thanks
Mark
On 16 December 2010 14:46, <[email protected]> wrote:
I'm not familiar with sending things to scripts like this, but in general
when something isn't working the way you think it should, the way to start
the debugging is to fire up rsyslog with debug enabled. Usually the startup
messages tell you what it's not able to parse.
Looking at this, shouldn't it be
:msg, contains, "warning"
instead of
:msg, content "warning"
David Lang
On Thu, 16 Dec 2010, Mark Olliver wrote:
Hi All,
I am trying to get rsyslog to alert me on certain patterns in the log. At
the moment I have built a small config with the following sections.
However,
the Alert script is not being triggered as far as I can tell. I
have tested the alert script and it works ok.
#/etc/rsyslog.d/55-alert.conf
$template Alert, "'Rsyslog Alert' %msg%"
local5.info
:msg, content "warning"
^/var/c+i/bin/mail_alert Alert
I am testing the above by running the following command on the cli.
echo "warning: test message" | logger -t puppet -p local5.info
This does correctly log into my local.5 log in /var/logs .
Any ideas would be welcome.
Thanks
Mark
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
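
An added example, not part of the thread and not the rsyslog project's own configuration: approaches 1 and 2 from the reply above written out in the legacy directive syntax the thread uses. The binary path /usr/bin/alert_mail is taken from the thread; the single-line template layout is an assumption made for this example.

```conf
# 55-alert.conf (added example, legacy rsyslog directive syntax)
$ModLoad omprog

# Template directive: name, then the quoted format string.
# There is no comma between $template and the template name.
# %rawmsg% is the whole line as received; %msg% is only the part after the tag.
$template AlertMSG,"Test Alert %HOSTNAME% %timegenerated% %rawmsg%\n"

# omprog feeds each formatted message to the program on standard input,
# so the alert script has to read stdin, not its argument list.
$ActionOMProgBinary /usr/bin/alert_mail

# Approach 1: expression-based filter combining facility and content.
# In this syntax the whole rule must stay on one line.
if $syslogfacility-text == 'local5' and $msg contains 'warning' then :omprog:;AlertMSG

# Approach 2 (alternative to approach 1, do not enable both):
# discard everything that is not local5 first, then match on content.
# The discard also affects every rule that is processed after this point,
# so rule ordering across all config files matters.
#:syslogfacility-text, !isequal, "local5" ~
#:msg, contains, "warning" :omprog:;AlertMSG
```

Log content reaches the script as untrusted input, so the script should treat each line read from stdin as data and never pass it to a shell.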