Apparently, though unproven, at 00:25 on Tuesday 23 November 2010, Alex
Schuster did opine thusly:

> Stroller writes:
> > All I want is a simple email notification when $string appears in the
> > log.
> >
> > I'm actually a little surprised that there isn't a syslogger which can
> > parse stuff as it writes it out, and thus perform actions, such as
> > mailing. I'm assuming there isn't, since no-one has mentioned it.
>
> If you only need to filter for single lines, I'd think every syslogger can
> do this. I have this in /etc/metalog.conf:

Assuming that the thing you are monitoring actually logs to syslog. Many
don't, and just write their own log files to some arb place.

>
> ISDN calls :
> facility = "kern"
> regex = "isdn_tty: call from"
> logdir = "/var/log/callers"
> command = "/usr/local/sbin/ring.sh"
>
> Password failures :
> regex = "(password|login|authentication)\s+(fail|invalid)"
> regex = "(failed|invalid)\s+(password|login|authentication|user)"
> regex = "ILLEGAL ROOT LOGIN"
> logdir = "/var/log/pwdfail"
> # command = "/usr/local/sbin/mail_pwd_failures.sh"
>
> The scripts get the syslog line as argument. However, the
> mail_pwd_failures.sh script would be called twice because I get two
> matching lines when I give a wrong password (one by pam_unix, one by
> pam_authenticate).
>
> Wonko

--
alan dot mckinnon at gmail dot com
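
The double call described in the quoted message can be absorbed in the handler itself. This is an added example, not a script from the thread: a hypothetical mail_pwd_failures.sh that sends one mail per burst of matching lines. The state directory, the 10-second window, the `mail` command and the recipient are assumptions.

```shell
#!/bin/sh
# Hypothetical handler for the commented-out "command" line in the quoted
# metalog.conf. Assumption (from the post): the matched syslog line is
# passed in the script's arguments.

STATE_DIR="${STATE_DIR:-/var/run/pwdfail-notify}"  # assumed location
WINDOW="${WINDOW:-10}"                             # seconds treated as one burst

# should_notify NOW
# Succeeds (and records NOW) when no mail was recorded in the last WINDOW
# seconds; fails when this line belongs to a burst already reported.
# Not locked: two simultaneous calls can both pass, which only costs a
# duplicate mail.
should_notify() {
    now="$1"
    stamp="$STATE_DIR/last"
    # Fail open: a duplicate mail is better than a missed one.
    mkdir -p "$STATE_DIR" 2>/dev/null || return 0
    last=0
    if [ -r "$stamp" ]; then
        read -r last < "$stamp" || last=0
    fi
    # Ignore a corrupt or tampered stamp file instead of doing math on it.
    case "$last" in ''|*[!0-9]*) last=0 ;; esac
    if [ $((now - last)) -lt "$WINDOW" ]; then
        return 1
    fi
    printf '%s\n' "$now" > "$stamp"
    return 0
}

# build_mail LINE...
# The log line contains remote-supplied text (user names, host names), so it
# is only ever passed as data to printf, never evaluated or used as a format.
build_mail() {
    printf 'Matched log line (untrusted input):\n%s\n' "$*"
}

# Runs only when the logger invokes the script with the matched line.
if [ "$#" -gt 0 ]; then
    if should_notify "$(date +%s)"; then
        # Fixed subject: nothing from the log line reaches the mail headers.
        build_mail "$@" | mail -s "password failure logged" root
    fi
fi
```

Suppressed lines still land in the logdir from the config, so the mail is only the prompt to go and read /var/log/pwdfail.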