Date: Sat, 09 Mar 2002 17:55:46 -0500 From: "Eric I. Arnoth" <earnoth@comcast.net> To: "Crist J. Clark" <cjc@FreeBSD.ORG> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: syslog.conf problems Message-ID: <0GSQ002AUAHYKE@mtaout01.icomcast.net> In-Reply-To: <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there> References: <20020221030958.QQRM18863.femail11.sdc1.sfba.home.com@there> <20020221041623.Q48401@blossom.cjclark.org> <20020222033846.MDLM14626.femail23.sdc1.sfba.home.com@there>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary_(ID_/NFTfj655l9LOLalp2NQzg)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Since the original thread below, I've come quite a long way in my script, but
now I have more difficult issue. Syslog calls the script correctly, but I
find it does not call the script for every instance of the event logging
which I have set it up for.
Specifically, I have written a Python script to read & parse ipfw output from
syslog. I have added the following line to my syslog.conf file:
security.* |exec /root/ipfwloggerc.py
But not every firewall log event which is written to /var/log/security
results in an execution of /root/ipfwloggerc.py. In simple tests, I
truncated the script to simply append the output to a file, and do no
processing. On the average there was between 40% - 60% execution rates
What's going on? Is this a syslog issue? If anyone replies, please be sure
to CC me, as I do not subscribe to this list anymore.
Kind regards,
Eric
On Thursday 21 February 2002 22:36, Eric I.Arnoth wrote:
> On Thursday 21 February 2002 07:16, you wrote:
> > You'll kick yourself. Is /hello_log.sh set executable?
>
> Ugghh....no, it wasn't. <sigh>
>
> Now that I chmod'd it properly, the bourne scipt runs just fine. I then
> tried to make it echo the line to my python script, thusly:
> --------------------------------------------------------
> #!/bin/sh
> read line
> echo "$line" | /hello_log.py
> --------------------------------------------------------
> It works just fine. Thus explaining to me the man page's comments about
> shell script wrapper to set up the run-once-and-die mechanism.
>
> So now that I have the proof of concept, I can do whatever I want in
> Python, such as parse the output and send it to Postgresql.
>
> Thanks much for the simple assist, though I am quite embarassed that it was
> such a simple detail. I still don't understand why the Python script on it
> won't run properly. (It is 755 perm ;-)
>
> hello_log.py
> --------------------------------------------------------
> #!/usr/local/bin/python
> import sys
>
> test_file = open("/test.out", 'a')
> test_file.write(sys.__stdin__.read())
> test_file.flush()
> test_file.close()
> sys.exit()
> --------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
--Boundary_(ID_/NFTfj655l9LOLalp2NQzg)
Content-type: application/x-python; name=ipfwloggerc.py
Content-transfer-encoding: base64
Content-disposition: attachment; filename=ipfwloggerc.py
IyEvdXNyL2xvY2FsL2Jpbi9weXRob24KaW1wb3J0IHN5cwppbXBvcnQgb3MKaW1wb3J0IHRpbWUK
aW1wb3J0IHN5c2xvZwppbXBvcnQgdHJhY2ViYWNrCgoKaWYgX19uYW1lX189PSdfX21haW5fXyc6
CiAgICBzeXNsb2cub3BlbmxvZygiaXBmd2xvZ2dlcmMiKQogICAgdHJ5OgogICAgICAgIG91dGZp
bGUgPSBvcGVuKCIvcm9vdC90ZXN0Lm91dCIsICJhIikKICAgIGV4Y2VwdDoKICAgICAgICB0cmFj
ZWJhY2tfaW5mbyA9IHRyYWNlYmFjay5mb3JtYXRfZXhjZXB0aW9uKHN5cy5leGNfaW5mbygpWzBd
LCBcCiAgICAgICAgICAgICAgICAgICAgc3lzLmV4Y19pbmZvKClbMV0sIHN5cy5leGNfaW5mbygp
WzJdKQogICAgICAgIGZvciB0Yl9pdGVtIGluIHRyYWNlYmFja19pbmZvOgogICAgICAgICAgICBz
eXNsb2cuc3lzbG9nKHN5c2xvZy5MT0dfRVJSLCB0Yl9pdGVtKQoKICAgIG91dHB1dCA9IHN5cy5f
X3N0ZGluX18ucmVhZGxpbmUoKQogICAgb3V0ZmlsZS53cml0ZShvdXRwdXQpCiAgICBvdXRmaWxl
LmZsdXNoKCkKICAgIG91dGZpbGUuY2xvc2UoKQoK
--Boundary_(ID_/NFTfj655l9LOLalp2NQzg)
Content-type: text/plain; charset=iso-8859-1; name=test.output
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=test.output
6:02pm[246]# wc /var/log/security
3 36 253 /var/log/security
6:03pm[247]# wc /var/log/security
13 166 1133 /var/log/security
6:04pm[248]# wc /var/log/security
14 180 1227 /var/log/security
6:05pm[249]# wc /var/log/security
20 259 1759 /var/log/security
6:05pm[250]#
--------------------------------------------------------------------------------
6:02pm[39]# wc test.out
0 0 0 test.out
6:03pm[40]# wc test.out
6 74 500 test.out
6:04pm[41]# wc test.out
7 88 594 test.out
6:05pm[42]# wc test.out
10 125 841 test.out
6:05pm[43]#
--Boundary_(ID_/NFTfj655l9LOLalp2NQzg)--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0GSQ002AUAHYKE>