[rsyslog] errors from "omprog" script

Hello, I am using custom python script to process logs, and ban offending IPs: local0.* action(type="omprog" name="asterisk" binary="/usr/local/sbin/asterisk.py") When my script generates some error, I don't see it anywhere in the logs (but I do see python errors when I run my script

[rsyslog] syslogtag: only log daemon name, without the [pid]

Hello, I have defined my own template for logging: $template long-iso,"%$NOW% %timereported:8:15% %syslogtag% %msg%\n" Which logs in following format: 2021-08-14 05:55:31 sshd[1856]: message How can I make the %syslogtag% to only log daemon name, without the [pid] part ? I am using

[rsyslog] combining multiple filters

Hello, How can I filter messages that satisfy both conditions at the same time? :syslogtag, startswith, "dovecot"stop :msg, startswith, "imap-login " stop I am using rsyslog 8.1901.0-1 on Debian 10 thanks, ___ rsyslog mailing list

Re: [rsyslog] errors from omprog script

> On 2021-01-15 19:57, John Chivian wrote: The python script should trap its own stderr (and/or stdout) and write it to a separate file. but what if there is syntax error in my script? Where can I see this error? thanks, ___ rsyslog mailing list

[rsyslog] errors from omprog script

Hello I am using omprog, to send logs to my script: mail.* action(type="omprog" binary="/usr/bin/blacklist.py ... ) If my script generates errors, where can I see these errors? I looked in my main syslog log file, but there is nothing. I can run my script from commandline, and see the

[rsyslog] rsyslog tries to open network socket when (re)started

Hello, every time I restart rsyslog, it tries to open network socket on my main interface eth0 and on 127.0.1.1 I assume this is to resolve my hostname ? I have added all IPs to /etc/hosts, so that rsyslog does not need to resolve any hostnames 127.0.0.1localhost 127.0.1.1myhost

Re: [rsyslog] omprog script left running after rsyslog stopped

> On 2020-06-04 20:00, John Chivian via rsyslog wrote: From the documentation page... [omprog] Executes the configured program and feeds log messages to that binary via stdin. The binary is free to do whatever it wants with the supplied data. If the program terminates, it is re-started. If

[rsyslog] omprog script left running after rsyslog stopped

Hello, I am using omprog to send mail logs to my script: mail.* action(type="omprog" name="blacklist" binary="/usr/local/sbin/blacklist.py" template="long-iso") It works well, but I have noticed that when I stop rsyslog, the script is not terminated, but continues running. I can see the

[rsyslog] logrotate does not work when rsyslog logs via external program (omprog)

Hello, in my /etc/rsyslog.conf, I am calling external script to handle mail.* logging: mail.*action(type="omprog" name="blacklist-postfix" binary="/usr/local/sbin/postfix.py" template="long-iso") This custom script processes logs, and writes to /var/log/mail/mail.log Everything works

[rsyslog] using 2 different ActionOMProgBinary

Hello, I am using "ActionOMProgBinary" in my /etc/rsyslog.conf ... $ActionOMProgBinary /usr/local/sbin/blacklist.py ... mail.* :omprog: ... Now I actually need to define 2 different binaries, and call one for mail.* and the other for auth.* How could I do this ? I am using rsyslog