O que há de errado com essa regra rsyslog?

Question

O que há de errado com essa regra rsyslog?

Navegue suas respostas

1

Estou tentando manipular parte de um log com um programa:

if $programname == 'Security-Alert' then |/usr/local/bin/handler

O script do manipulador funciona se eu chamar echo blabla | /usr/local/bin/handler .

Agora não tenho saída com logger -t Security-Alert 'This is an alert'

Saída de depuração:

5210.871815399:b75a66c0: requested to include config file '/etc/rsyslog.d/60-sec.conf'
5210.871846408:b75a66c0: cfline: 'if $programname == 'Security-Alert' then |/usr/local/bin/handler'
5210.871865404:b75a66c0:  - general expression-based filter
5210.871886077:b75a66c0: skipped whitespace, stream now '$programname == 'Security-Alert' then |/usr/local/bin/handler'
5210.871907588:b75a66c0: ctok_token 0x8206dc8: token: 13
5210.871936361:b75a66c0: expr 0x8206a78: MSGVAR
5210.871959828:b75a66c0: skipped whitespace, stream now '== 'Security-Alert' then |/usr/local/bin/handler'
5210.871977706:b75a66c0: ctok_token 0x8206dc8: token: 100
5210.872020448:b75a66c0: expr 0x8206a78: cmp
5210.872041959:b75a66c0: skipped whitespace, stream now ''Security-Alert' then |/usr/local/bin/handler'
5210.872060397:b75a66c0: ctok_token 0x8207630: token: 14
5210.872079952:b75a66c0: expr 0x8206a78: simpstr
5210.872109005:b75a66c0: skipped whitespace, stream now 'then |/usr/local/bin/handler'
5210.872125766:b75a66c0: skipped whitespace, stream now 'then |/usr/local/bin/handler'
5210.872146439:b75a66c0: ctok_token 0x8207630: token: 18
5210.872166832:b75a66c0: expr 0x8206a78: successfully parsed/created expression
5210.872187225:b75a66c0: tried selector action for builtin-file: -2001
5210.872229408:b75a66c0: tried selector action for builtin-pipe: 0
5210.872246170:b75a66c0: Module builtin-pipe processed this config line.
5210.872269915:b75a66c0: template: 'RSYSLOG_TraditionalFileFormat' assigned
5210.872286677:b75a66c0: info: firehose mode disabled for action because iExecEveryNthOccur=0, ReduceRepeated=1, iSecsExecOnceInterval=0
5210.872309305:b75a66c0: action 11 queue: save on shutdown 1, max disk space allowed 0
5210.872340034:b75a66c0: action 11 queue: type 3, enq-only 0, disk assisted 0, maxFileSz 1048576, lqsize 0, pqsize 0, child 0, full delay 970, light delay 700, deq batch size 16 starting
5210.872360148:b75a66c0: Action 0x8207868: queue 0x8207910 created
5210.872378307:b75a66c0: selector line successfully processed

Alguém tem uma dica?

rsyslog

por daisy 22.11.2012 / 04:36

0 respostas

Tags rsyslog

Erro de syslog Kronos do Projeto XCP: “irq…: nobody cared” no host Dom0 Migrando do tomcat para o servidor tc - recebendo java.sql.SQLException na inicialização