pipe syslog records to a script

Ben Woods woodsb02 at gmail.com
Tue Apr 11 14:12:22 UTC 2017


On 4 April 2017 at 05:41, Ernie Luzar <luzar722 at gmail.com> wrote:

> Hello list;
>
> In syslog.conf I have these 2 lines.
> local0.*       /var/log/security
> local0.*      | exec /usr/local/bin/ipf.table
>
> The security log file is being populated and working fine.
> Now I want to pipe the same log records to a script for processing.
>
> The ipf.table script looks like this
>
> #! /bin/sh
> $1 >> /var/log/ipf.table.log1
> $@ >> /var/log/ipf.table.log2
> $* >> /var/log/ipf.table.log3
>
>  service syslogd restart
>
> The ipf.table.log1, 2, 3 never get populated even though I see new entries
> in the security.log file.
>
> What am I doing wrong here?
>


Hi Ernie,

I never even realised there was a feature in FreeBSD's syslog to pipe the
log to a command. Interesting!

I have just played around with this, and the problem you are facing is that
the log entry is piped to the command as stdin, not passed as an argument.

Use something like the following in your script to process the log as stdin:
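# IFS= and -r keep each record intact; quoting stops word splitting and globbing
while IFS= read -r LINE; do
       printf '%s\n' "${LINE}" >> /var/log/ipf.table.log1
done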

Good luck!

Regards,
Ben
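
The stdin behaviour described above, as an added example that is not part of the original message: a handler that reads syslogd's piped records line by line and treats their content as untrusted data. The function names `process_records` and `demo`, and the sample records, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: handler for a syslog.conf
# pipe action such as "local0.*  | exec /usr/local/bin/ipf.table".
# syslogd writes each record to the handler's stdin; $1, $@ and $* are empty.

# process_records OUTFILE: append every stdin record to OUTFILE verbatim
# and print the number of records handled. (Function name is hypothetical.)
process_records() {
    out=$1
    count=0
    # IFS= keeps leading/trailing blanks, -r keeps backslashes, and the
    # "|| [ -n ... ]" clause picks up a final record with no newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # ignore empty lines
        # Record text is untrusted: always quoted, never eval'd or globbed.
        printf '%s\n' "$line" >> "$out"
        count=$((count + 1))
    done
    printf '%s\n' "$count"
}

# demo: feed constructed records through the handler and show the result.
demo() {
    tmp=$(mktemp) || return 1
    # Constructed sample records (not real log data).
    n=$(printf '%s\n' \
        'Apr 11 14:12:22 host demo: blocked * from 192.0.2.1' \
        'Apr 11 14:12:23 host demo: path C:\new $(id)' \
        | process_records "$tmp")
    echo "records handled: $n"
    cat "$tmp"
    rm -f "$tmp"
}

demo
# In the installed script, replace the demo call with:
#   process_records /var/log/ipf.table.log1
```

The `*`, backslash and `$(id)` in the sample records reach the output file unchanged, which is what an unquoted `echo ${LINE}` would not guarantee.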


More information about the freebsd-questions mailing list