pipe syslog records to a script
Ernie Luzar
luzar722 at gmail.com
Tue Apr 11 19:18:58 UTC 2017
Ben Woods wrote:
> On 4 April 2017 at 05:41, Ernie Luzar <luzar722 at gmail.com> wrote:
>
> Hello list;
>
> In syslog.conf I have these 2 lines.
> local0.* /var/log/security
> local0.* | exec /usr/local/bin/ipf.table
>
> The security log file is being populated and working fine.
> Now I want to pipe the same log records to a script for processing.
>
> The ipf.table script looks like this
>
> #! /bin/sh
> $1 >> /var/log/ipf.table.log1
> $@ >> /var/log/ipf.table.log2
> $* >> /var/log/ipf.table.log3
>
> service syslogd restart
>
> The ipf.table.log1, 2, 3 never get populated even though I see new
> entries in the security.log file.
>
> What am I doing wrong here?
>
>
>
> Hi Ernie,
>
> I never even realised there was a feature in FreeBSD's syslog to pipe
> the log to a command. Interesting!
>
> I have just played around with this, and the problem you are facing is
> that the log entry is piped to the command as stdin, not passed as an
> argument.
>
> Use something like the following in your script to process the log as stdin:
> while read -r LINE; do
>     echo "${LINE}" >> /var/log/ipf.table.log1
> done
>
> Good luck!
>
> Regards,
> Ben
Ben;
Thanks for the feedback.
By trial and error I also came to the same conclusion,
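
The stdin behaviour described in the thread, as an added example that is not part of the original messages: a handler for the `| exec /usr/local/bin/ipf.table` line that reads each record from stdin and writes it out unmodified, treating log text as untrusted data. The `handle_records` name, the `IPF_TABLE_LOG` override and the `$0` check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: handler for a syslog.conf pipe action such as
#   local0.*    | exec /usr/local/bin/ipf.table
# syslogd writes each record to the command's stdin; no arguments are
# passed, which is why $1, $@ and $* are empty inside the script.

# Output path from the thread; IPF_TABLE_LOG is a hypothetical override.
OUT="${IPF_TABLE_LOG:-/var/log/ipf.table.log1}"

# Append every record read from stdin to the file named in $1.
# The number of records handled is left in the variable HANDLED.
handle_records() {
    out=$1
    HANDLED=0
    # IFS= keeps leading and trailing blanks; -r keeps backslashes literal.
    # The "|| [ -n ... ]" part picks up a last record with no newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Record text can be influenced by whoever generated the logged
        # event: keep it quoted so "*" is not expanded to file names, and
        # use printf so a record like "-n" is not taken as an option.
        printf '%s\n' "$line" >> "$out"
        HANDLED=$((HANDLED + 1))
    done
}

# Run only when installed under the name used in syslog.conf (assumption),
# so the function can be sourced and exercised without reading stdin.
case "${0##*/}" in
    ipf.table) handle_records "$OUT" ;;
esac
```
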