I'm running rsyslogd 7.4.1, compiled with: FEATURE_REGEXP: Yes FEATURE_LARGEFILE: No GSSAPI Kerberos 5 support: Yes FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes Runtime Instrumentation (slow code): No uuid support: Yes
from the stable repository. I tried using parameters and they did not work. I'm guessing I need to be on devel? On Wed, Jun 26, 2013 at 10:56 PM, David Lang <[email protected]> wrote: > per the page mentioned below > > > http://www.rsyslog.com/doc/**omprog.html<http://www.rsyslog.com/doc/omprog.html> >>> >> > the new style format should work > > action(type="omprog" > binary="/pathto/omprog.py --parm1=\"value 1\" --parm2=value2" > template="RSYSLOG_**TraditionalFileFormat") > > > David Lang > > > On Wed, 26 Jun 2013, Orangepeel Beef wrote: > > That seems to have done the trick. Is the version that allows parameters >> in the devel ubuntu package yet? >> >> >> On Wed, Jun 26, 2013 at 10:23 PM, Rainer Gerhards >> <[email protected]>**wrote: >> >> On Thu, Jun 27, 2013 at 5:23 AM, Orangepeel Beef >>> <[email protected]>**wrote: >>> >>> So I got rsyslogv7 installed finally and working, the re_match filters >>>> >>> are >>> >>>> working, but it does not seem that the omprog script ever actually >>>> >>> executes >>> >>>> even though it receives a child pid, it immediately dies. No output ever >>>> makes it to logs. I even tried a script that just echo'd text to a file >>>> >>> in >>> >>>> /tmp and no file was ever created. It's like the script doesn't even >>>> execute. >>>> >>>> >>>> #rsyslog >>>> $ModLoad imudp >>>> $UDPServerRun 514 >>>> $ModLoad omprog >>>> >>>> >>>> $template REMOTE,"/opt/log/remote/%**fromhost%/%$YEAR%-%$MONTH%-%$** >>>> DAY%.log" >>>> >>>> if re_match($fromhost,'^lb.*') then { >>>> $actionomprogbinary '/usr/local/sbin/sec_**netscaler' >>>> >>>> >>> The quote chars are the problem. Legacy conf does not expect them and >>> they >>> are treated as part of the binary - and so it can't find it (I'll check >>> if >>> omprog issues an error message on "binary not found"). >>> >>> I suggest to use new-style config, we recently added the ability to >>> specify >>> command line arguments. See: >>> >>> http://www.rsyslog.com/doc/**omprog.html<http://www.rsyslog.com/doc/omprog.html> >>> >>> HTH >>> Rainer >>> >>> *.* :omprog: >>>> } >>>> >>>> if re_match($fromhost,'^(as|cs|r)**.*') then { >>>> $actionomprogbinary '/usr/local/sbin/test_script.**sh' >>>> *.* :omprog: >>>> } >>>> >>>> if $fromhost-ip !='127.0.0.1' then { >>>> ?REMOTE >>>> stop >>>> } >>>> >>>> >>>> #/usr/local/sbin/test_script.**sh >>>> #!/bin/bash >>>> >>>> while read LINE; do >>>> echo "`date` ${LINE}" > /tmp/shelltest-log >>>> done >>>> >>>> #/usr/local/sbin/sec_netscaler >>>> #!/bin/bash >>>> CONF=netscaler >>>> /usr/local/sbin/sec -conf=/etc/sec/$CONF -pid=/tmp/sec-$CONF.pid >>>> -dump=/tmp/sec-$CONF.dump -debug=5 -syslog=local1 -intevents -input=- >>>> >>>> >>>> >>>> >>>> #debug log >>>> 2918.868233527:7f1007e08700: rainerscript: var '$fromhost': ' >>>> r0507.mydomain.com' >>>> 2918.868247794:7f1007e08700: batch: item 0: expr eval: 0 >>>> 2918.868253702:7f1007e08700: scriptExec: batch of 1 elements, active >>>> 0x7f0ff80008e0, active[0]:0 >>>> 2918.868257822:7f1007e08700: ACTION 0x8694a0 [:omprog:] >>>> 2918.868268621:7f1007e08700: RRRR: execAct [omprog]: batch of 1 >>>> elements, >>>> active 0x7f0ff80008e0 >>>> 2918.868273449:7f1007e08700: Called action(Batch), logging to omprog >>>> 2918.868281555:7f1007e08700: submitBatch: enter, nElem 1 >>>> 2918.868284558:7f1007e08700: tryDoAction 0x8694a0, pnElem 1, nElem 1 >>>> 2918.868287910:7f1007e08700: scriptExec: batch of 1 elements, active >>>> >>> (nil), >>> >>>> active[0]:1 >>>> 2918.868290312:7f1007e08700: IF >>>> 2918.868295910:7f1007e08700: function 're_match' (id:7, params:2) >>>> 2918.868305628:7f1007e08700: var '$fromhost' >>>> 2918.868314448:7f1007e08700: string '^(as|cs|r).*' >>>> 2918.868326866:7f1007e08700: eval expr 0x869920, type 'F[70]' >>>> 2918.868329481:7f1007e08700: rainerscript: executing function id 7 >>>> 2918.868332197:7f1007e08700: eval expr 0x869410, type 'V[86]' >>>> 2918.868335752:7f1007e08700: rainerscript: var '$fromhost': ' >>>> r0507.mydomain.com' >>>> 2918.868339518:7f1007e08700: batch: item 0: expr eval: 1 >>>> 2918.868342296:7f1007e08700: scriptExec: batch of 1 elements, active >>>> 0x7f0ff80008e0, active[0]:1 >>>> 2918.868344552:7f1007e08700: ACTION 0x86a970 [:omprog:] >>>> 2918.868350753:7f1007e08700: RRRR: execAct [omprog]: batch of 1 >>>> elements, >>>> active 0x7f0ff80008e0 >>>> 2918.868353692:7f1007e08700: Called action(NotAllMark), processing >>>> >>> batch[0] >>> >>>> via 'omprog' >>>> 2918.868356105:7f1007e08700: Called action(Batch), logging to omprog >>>> 2918.868359681:7f1007e08700: submitBatch: enter, nElem 1 >>>> 2918.868362431:7f1007e08700: tryDoAction 0x86a970, pnElem 1, nElem 1 >>>> 2918.868369345:7f1007e08700: Action 0x86a970 transitioned to state: itx >>>> 2918.868372116:7f1007e08700: entering actionCalldoAction(), state: itx >>>> 2918.868377054:7f1007e08700: Program ''/usr/local/sbin/test_script.** >>>> sh'' >>>> terminated, trying to restart >>>> 2918.868383574:7f1007e08700: waitpid() returned state -1[No child >>>> processes], future malfunction may happen >>>> 2918.868389033:7f1007e08700: executing program >>>> ''/usr/local/sbin/test_script.**sh'' >>>> 2918.868542660:7f1007e08700: child has pid 9946 >>>> >>>> @ >>>> ______________________________**_________________ >>>> rsyslog mailing list >>>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T LIKE THAT. >>>> >>>> ______________________________**_________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >>> ______________________________**_________________ >> rsyslog mailing list >> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> >> ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
