think i'm going to post over in rsyslog, probably not an SEC issue.
On Wed, Jun 26, 2013 at 7:58 PM, Orangepeel Beef
<orangepeelb...@gmail.com>wrote:
> tried that, no output ever written, the outfile isn't even created.
>
>
> On Wed, Jun 26, 2013 at 4:42 PM, David Lang <da...@lang.hm> wrote:
>
>> On Wed, 26 Jun 2013, Orangepeel Beef wrote:
>>
>> any suggestions on how to make that work? all the ways i have tried do
>>> not
>>> work when rsyslog executes them but work when i do it manually as the
>>> syslog user
>>>
>>
>> try putting the redirected output into /tmp where you know that you have
>> permission to write.
>>
>> David Lang
>>
>>
>>> On Wed, Jun 26, 2013 at 4:01 PM, David Lang <da...@lang.hm> wrote:
>>>
>>> try changing sec-comware to redirect stdout and stderr from sec to some
>>>> file so that you can see what it's complaining about.
>>>>
>>>> David Lang
>>>>
>>>> On Wed, 26 Jun 2013, Orangepeel Beef wrote:
>>>>
>>>> Date: Wed, 26 Jun 2013 16:56:04 -0700
>>>>
>>>>> From: Orangepeel Beef <orangepeelb...@gmail.com>
>>>>> To: simple-evcorr-users@lists.**so**urceforge.net<http://sourceforge.net>
>>>>> <simple-evcorr-**us...@lists.sourceforge.net<simple-evcorr-users@lists.sourceforge.net>
>>>>> >
>>>>>
>>>>> Subject: [Simple-evcorr-users] rsyslog omprog + SEC
>>>>>
>>>>>
>>>>> Having issues with rsyslog + SEC. The re_match's seem to be working
>>>>> (I
>>>>> can see rsyslog launching the /usr/lcoal/sbin/sec_comware script) but
>>>>> the
>>>>> script seems to terminate instantly without any indication of why its
>>>>> doing
>>>>> so.
>>>>>
>>>>> from rsyslog debug logs..
>>>>>
>>>>> 0809.267568155:7f2ed2e89700: Called action(Batch), logging to omprog
>>>>> 0809.267571242:7f2ed2e89700: submitBatch: enter, nElem 1
>>>>> 0809.267574040:7f2ed2e89700: tryDoAction 0x1d8a4a0, pnElem 1, nElem 1
>>>>> 0809.267577349:7f2ed2e89700: scriptExec: batch of 1 elements, active
>>>>> (nil),
>>>>> active[0]:1
>>>>> 0809.267579849:7f2ed2e89700: IF
>>>>> 0809.267585573:7f2ed2e89700: function 're_match' (id:7, params:2)
>>>>> 0809.267595324:7f2ed2e89700: var '$fromhost'
>>>>> 0809.267604389:7f2ed2e89700: string '^(as|cs|r).*'
>>>>> 0809.267615970:7f2ed2e89700: eval expr 0x1d8a920, type 'F[70]'
>>>>> 0809.267618634:7f2ed2e89700: rainerscript: executing function id 7
>>>>> 0809.267621398:7f2ed2e89700: eval expr 0x1d8a410, type 'V[86]'
>>>>> 0809.267624950:7f2ed2e89700: rainerscript: var '$fromhost': '
>>>>> r0507.mydomain.com'
>>>>> 0809.267628549:7f2ed2e89700: batch: item 0: expr eval: 1
>>>>> 0809.267631336:7f2ed2e89700: scriptExec: batch of 1 elements, active
>>>>> 0x7f2ec40008e0, active[0]:1
>>>>> 0809.267633685:7f2ed2e89700: ACTION 0x1d8b970 [:omprog:]
>>>>> 0809.267639989:7f2ed2e89700: RRRR: execAct [omprog]: batch of 1
>>>>> elements,
>>>>> active 0x7f2ec40008e0
>>>>> 0809.267642986:7f2ed2e89700: Called action(NotAllMark), processing
>>>>> batch[0]
>>>>> via 'omprog'
>>>>> 0809.267645525:7f2ed2e89700: Called action(Batch), logging to omprog
>>>>> 0809.267649554:7f2ed2e89700: submitBatch: enter, nElem 1
>>>>> 0809.267652361:7f2ed2e89700: tryDoAction 0x1d8b970, pnElem 1, nElem 1
>>>>> 0809.267655016:7f2ed2e89700: Action 0x1d8b970 transitioned to state:
>>>>> itx
>>>>> 0809.267657566:7f2ed2e89700: entering actionCalldoAction(), state: itx
>>>>> 0809.267662537:7f2ed2e89700: Program ''/usr/local/sbin/sec_comware'**
>>>>> **'
>>>>>
>>>>> terminated, trying to restart
>>>>> 0809.267669158:7f2ed2e89700: waitpid() returned state -1[No child
>>>>> processes], future malfunction may happen
>>>>> 0809.267675069:7f2ed2e89700: executing program
>>>>> ''/usr/local/sbin/sec_comware'****'
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> #rsyslog config
>>>>>
>>>>> $ModLoad imudp
>>>>> $UDPServerRun 514
>>>>> $ModLoad omprog
>>>>>
>>>>>
>>>>> $template REMOTE,"/opt/log/remote/%****fromhost%/%$YEAR%-%$MONTH%-%$**
>>>>> **
>>>>>
>>>>> DAY%.log"
>>>>>
>>>>> if re_match($fromhost,'^lb.*') then {
>>>>> $actionomprogbinary '/usr/local/sbin/sec_****netscaler'
>>>>> *.* :omprog:
>>>>> }
>>>>>
>>>>> if re_match($fromhost,'^(as|cs|r)****.*') then {
>>>>>
>>>>> $actionomprogbinary '/usr/local/sbin/sec_comware'
>>>>> *.* :omprog:
>>>>> }
>>>>> #stop so we don't process remote logs in the 50-default
>>>>> if $fromhost-ip !='127.0.0.1' then {
>>>>> ?REMOTE
>>>>> stop
>>>>> }
>>>>>
>>>>> #sec-comware
>>>>> #!/bin/bash
>>>>> CONF=comware
>>>>> /usr/local/sbin/sec -conf=/usr/local/etc/sec/$CONF
>>>>> -pid=/tmp/sec-$CONF.pid
>>>>> -dump=/tmp/sec-$CONF.dump -debug=5 -syslog=local1 -intevents -input=-
>>>>>
>>>>>
>>>>>
>>>
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
