Home / server / Questions / 159865
Accepted
Maciej Piechotka
Asked: 2010-07-14 00:34:39 +0800 CST

How to perform action when given syslog message arrives on UDP port

  • 772

I need to perform given action when specific message (matching for example regexp) arrives at the UDP port (syslog format). How to do this (i.e. by using already avaible softwere as opposed to writing one by hand)?

monitoring freebsd syslog

4 Answers

  1. Syslog-ng can do this with something like: 

    destination d_special { program("/usr/local/bin/script"); };
filter f_special { match("regex"); };
log { source (s_all); filter(f_special); destination(d_special); };
    • 3
  2. Best Answer

    Maybe you should have a look at rsyslog. Its syntax is much more flexible and easy than syslogd. Also is much more powerful overall.

    In any case, what you want in rsyslog would be like 

    if ( regex ) then action

& another_action # This line could be ignored if you want only one action
    • 2

  3. I guess this link to logwatch manpage will be usefull.

    • 0

  4. You can use OSSEC to watch the specific pattern and use the active response functionality to do do your desired action.

    • 0