Re: [rsyslog] omprog now on v7

[David Lang]

per the page mentioned below

http://www.rsyslog.com/doc/omprog.html

the new style format should work

action(type="omprog"
           binary="/pathto/omprog.py --parm1=\"value 1\" --parm2=value2"
           template="RSYSLOG_TraditionalFileFormat")


David Lang

On Wed, 26 Jun 2013, Orangepeel Beef wrote:

That seems to have done the trick.  Is the version that allows parameters
in the devel ubuntu package yet?


On Wed, Jun 26, 2013 at 10:23 PM, Rainer Gerhards
<rgerha...@hq.adiscon.com>wrote:

On Thu, Jun 27, 2013 at 5:23 AM, Orangepeel Beef
<orangepeelb...@gmail.com>wrote:

So I got rsyslogv7 installed finally and working, the re_match filters

are

working, but it does not seem that the omprog script ever actually

executes

even though it receives a child pid, it immediately dies. No output ever
makes it to logs.  I even tried a script that just echo'd text to a file

in

/tmp and no file was ever created.  It's like the script doesn't even
execute.


#rsyslog
$ModLoad imudp
$UDPServerRun 514
$ModLoad omprog


$template REMOTE,"/opt/log/remote/%fromhost%/%$YEAR%-%$MONTH%-%$DAY%.log"

if re_match($fromhost,'^lb.*') then {
   $actionomprogbinary '/usr/local/sbin/sec_netscaler'

The quote chars are the problem. Legacy conf does not expect them and they
are treated as part of the binary - and so it can't find it (I'll check if
omprog issues an error message on "binary not found").

I suggest to use new-style config, we recently added the ability to specify
command line arguments. See:

http://www.rsyslog.com/doc/omprog.html

HTH
Rainer

   *.* :omprog:
}

if re_match($fromhost,'^(as|cs|r).*') then {
   $actionomprogbinary '/usr/local/sbin/test_script.sh'
   *.* :omprog:
}

if $fromhost-ip !='127.0.0.1' then {
  ?REMOTE
  stop
}


#/usr/local/sbin/test_script.sh
#!/bin/bash

while read LINE; do
echo "`date` ${LINE}" > /tmp/shelltest-log
done

#/usr/local/sbin/sec_netscaler
#!/bin/bash
CONF=netscaler
/usr/local/sbin/sec -conf=/etc/sec/$CONF -pid=/tmp/sec-$CONF.pid
-dump=/tmp/sec-$CONF.dump -debug=5 -syslog=local1 -intevents -input=-




#debug log
2918.868233527:7f1007e08700: rainerscript: var '$fromhost': '
r0507.mydomain.com'
2918.868247794:7f1007e08700: batch: item 0: expr eval: 0
2918.868253702:7f1007e08700: scriptExec: batch of 1 elements, active
0x7f0ff80008e0, active[0]:0
2918.868257822:7f1007e08700:     ACTION 0x8694a0 [:omprog:]
2918.868268621:7f1007e08700: RRRR: execAct [omprog]: batch of 1 elements,
active 0x7f0ff80008e0
2918.868273449:7f1007e08700: Called action(Batch), logging to omprog
2918.868281555:7f1007e08700: submitBatch: enter, nElem 1
2918.868284558:7f1007e08700: tryDoAction 0x8694a0, pnElem 1, nElem 1
2918.868287910:7f1007e08700: scriptExec: batch of 1 elements, active

(nil),

active[0]:1
2918.868290312:7f1007e08700:     IF
2918.868295910:7f1007e08700:       function 're_match' (id:7, params:2)
2918.868305628:7f1007e08700:         var '$fromhost'
2918.868314448:7f1007e08700:         string '^(as|cs|r).*'
2918.868326866:7f1007e08700: eval expr 0x869920, type 'F[70]'
2918.868329481:7f1007e08700: rainerscript: executing function id 7
2918.868332197:7f1007e08700: eval expr 0x869410, type 'V[86]'
2918.868335752:7f1007e08700: rainerscript: var '$fromhost': '
r0507.mydomain.com'
2918.868339518:7f1007e08700: batch: item 0: expr eval: 1
2918.868342296:7f1007e08700: scriptExec: batch of 1 elements, active
0x7f0ff80008e0, active[0]:1
2918.868344552:7f1007e08700:     ACTION 0x86a970 [:omprog:]
2918.868350753:7f1007e08700: RRRR: execAct [omprog]: batch of 1 elements,
active 0x7f0ff80008e0
2918.868353692:7f1007e08700: Called action(NotAllMark), processing

batch[0]

via 'omprog'
2918.868356105:7f1007e08700: Called action(Batch), logging to omprog
2918.868359681:7f1007e08700: submitBatch: enter, nElem 1
2918.868362431:7f1007e08700: tryDoAction 0x86a970, pnElem 1, nElem 1
2918.868369345:7f1007e08700: Action 0x86a970 transitioned to state: itx
2918.868372116:7f1007e08700: entering actionCalldoAction(), state: itx
2918.868377054:7f1007e08700: Program ''/usr/local/sbin/test_script.sh''
terminated, trying to restart
2918.868383574:7f1007e08700: waitpid() returned state -1[No child
processes], future malfunction may happen
2918.868389033:7f1007e08700: executing program
''/usr/local/sbin/test_script.sh''
2918.868542660:7f1007e08700: child has pid 9946

@
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.