syslog.conf - log records to a script

Ian Smith smithi at
Wed Apr 5 15:13:05 UTC 2017

In freebsd-questions Digest, Vol 670, Issue 3, Message: 7
On Tue, 04 Apr 2017 15:22:15 -0400 Ernie Luzar <luzar722 at> wrote:

 > In syslog.conf I have these 2 lines.
 > local0.*       /var/log/security
 > local0.*      | exec /usr/local/bin/ipf.table

The example in syslog.conf(5) uses no space between '|' and 'exec'.  I'm 
not sure whether that matters, but it's easy to test.

 > The security log file is being populated and working fine.
 > Now I want to pipe the same log records to a script for processing.
 > I'm using a very simple script to verify that the test script is being 
 > handed all the log records. My test ipf.table script looks like this,
 > #! /bin/sh

It's traditional (at least) to have no space between '#!' and '/bin/sh'.
I'm not entirely sure that matters either, but it's also an easy test.

 > read line
 > echo "$line" >> /var/log/ipf.table.log
 > When I issue  "service syslogd restart"  I get no errors.
 > The ipf.table.log gets populated with the first log record and them 
 > nothing happens after that even though I can see more entries being 
 > logged to /var/log/security.
 > What am I doing wrong here?

I'm not sure :)

Is /usr/local/bin/ipf.table owned by root and set executable?
Any error reports in /var/log/messages or /var/log/console.log?

cheers, Ian

More information about the freebsd-questions mailing list