syslog.conf - log records to a script

Ernie Luzar luzar722 at
Wed Apr 5 19:29:23 UTC 2017

Ian Smith wrote:
> In freebsd-questions Digest, Vol 670, Issue 3, Message: 7
> On Tue, 04 Apr 2017 15:22:15 -0400 Ernie Luzar <luzar722 at> wrote:
>  > In syslog.conf I have these 2 lines.
>  > local0.*       /var/log/security
>  > local0.*      | exec /usr/local/bin/ipf.table
> The example in syslog.conf(5) uses no space between '|' and 'exec'.  I'm 
> not sure whether that matters, but it's easy to test.
>  > The security log file is being populated and working fine.
>  > Now I want to pipe the same log records to a script for processing.
>  > 
>  > I'm using a very simple script to verify that the test script is being 
>  > handed all the log records. My test ipf.table script looks like this,
>  > 
>  > #! /bin/sh
> It's traditional (at least) to have no space between '#!' and '/bin/sh'.
> I'm not entirely sure that matters either, but it's also an easy test.
>  > read line
>  > echo "$line" >> /var/log/ipf.table.log
>  >
>  > When I issue  "service syslogd restart"  I get no errors.
>  > 
>  > The ipf.table.log gets populated with the first log record and them 
>  > nothing happens after that even though I can see more entries being 
>  > logged to /var/log/security.
>  > 
>  > What am I doing wrong here?
> I'm not sure :)
> Is /usr/local/bin/ipf.table owned by root and set executable?
> Any error reports in /var/log/messages or /var/log/console.log?
> cheers, Ian
Thank you for desk checking this. All ways better to have a second pair 
of eyes looking things over.

I made the changes you suggested and like you though it made no 
difference. The script permissions are correct. If they were not, the 
single record would not have processed.

I issued "ps ax" and I don't see the ipf.table script running.

I made this simple change to the ipf.table script;

   while read line; do
       echo "$line" >> /var/log/ipf.table.log
exit 0

Now the "ps ax" command shows it running and the /var/log/ipf.table.log 
file has the same content as the  /var/log/security file. So its working 
like I wanted. Don't understand why, but thats ok.

Thanks for your help.

More information about the freebsd-questions mailing list