No worries Mike! Let me know if it doesn't work tomorrow. Cheers, Mike Redbourne
________________________________ From: Michael A Hawkins <mhawk...@wantegrity.com> Sent: Monday, January 20, 2025 4:10 PM To: Redbourne,Michael <michael.redbou...@bulletproofsi.com>; rsyslog-users <rsyslog@lists.adiscon.com> Subject: Re: [rsyslog] ommail module CAUTION: The Sender is located Outside The Organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Fantastic! I will try this out tomorrow. Many, many, thanks for helping me out. I was just about to start looking through completely unchartered source files. Bravo! -- Wantegrity Inc. Michael A Hawkins, President Stamford, CT 06902 USA Mobile: 203-550-5502 On Mon, 2025-01-20 at 04:44 +0000, Redbourne,Michael wrote: > > Hey Mike, > > The directive you're looking for (which is described in the docs - I missed > it) is just a straight template="body." > Don't put "body." in front of the conf declaration. Here's the raw C-code > though for ommail - > >https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Frsyslog%2Frsyslog%2Fblob%2Fmaster%2Fplugins%2Fommail%2Fommail.c&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292629755%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ddMg8dKTKFj%2BIHAEYCjStu%2FEY5hU3Bi1xgVxTODNKqE%3D&reserved=0<https://github.com/rsyslog/rsyslog/blob/master/plugins/ommail/ommail.c>. > > Scroll down to line 120 (subject.template) > and 123 (template). 123 is the body equivalent to L120. I'm not sure why > Rainer didn't keep the variable naming > consistent there. > > > template (name="mailBody" type="string" string="RSYSLOG > Alert\\r\\nmsg='%msg%'") > template (name="mailSubjectAdmin" type="string" string="ALERT: We got an > Admin login/logoff on %hostname%") > > > if $msg contains 'logdesc="Admin' then { > action(type="ommail" server="172.16.31.15" port="25" > mailfrom="n...@wantegrity.com" > mailto=["mhawk...@wantegrity.com", "r...@saturn.home"] > subject.template="mailSubjectAdmin" > body.enable="on" > > template="mailBody" > action.execonlyonceeveryinterval="2" > action.execOnlyWhenPreviousIsSuspended="off" > ) > } > > > > > Cheers, > Mike > > > > From: Michael A Hawkins <mhawk...@wantegrity.com> > Sent: Monday, January 20, 2025 3:26 PM > To: Redbourne,Michael <michael.redbou...@bulletproofsi.com>; rsyslog-users > <rsyslog@lists.adiscon.com> > Subject: Re: [rsyslog] ommail module > > > > > CAUTION: The Sender is located Outside The Organization. Do not click links > or open attachments unless you recognize > the sender and know the content is safe. > > > Thanks Michael, > > My ommail rule works OK. There is an email body. But it only contains the > syslog message itself. Which is good that > it's > there. But the examples 1 and 2 within > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsyslog.com%2Fdoc%2Fconfiguration%2Fmodules%2Fommail.html&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292648115%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=0gxAxp%2FiyQxoUFsUrz%2FEmEvr5u6ASZBOo6csT1myIoo%3D&reserved=0<https://www.rsyslog.com/doc/configuration/modules/ommail.html> > show definitions of > a "mailBody" template: > > template (name="mailBody" type="string" string="RSYSLOG > Alert\\r\\nmsg='%msg%'") > > But then, in the body of the those two examples message 'action' sections, > the "mailBody" template is not actually > assigned to anything (but the mailSubject template is - and the subject > template works). > > So I am wondering how to apply the "mailBody" template to the action. The > examples don't appear to have applied the > mailBody template to anything at all. > > Perhaps I should ask this question instead. Where in the rsyslog code base, > will I find the code for ommail module? So > that I can try to find the directives that are available. Because the > documentation might be incomplete on templates. > > -- > Wantegrity Inc. > Michael A Hawkins, President > Stamford, CT 06902 USA > Mobile: 203-550-5502 > > > > On Mon, 2025-01-20 at 03:48 +0000, Redbourne,Michael wrote: > > > > Hey Mike H, > > > > We (the community) and rsyslog/adiscon are getting your emails. Ommail was > > written by Adiscon (makers of rsyslog). > > It > > was specifically written by Rainer, the lead author. It's possible no one > > knows why and hasn't jumped in. Have you > > tried capturing the traffic at the rsyslog server headed towards the SMTP > > server? Eg: tcpdump -i any port 25 and > > host > > 172.16.31.15 -w /tmp/outbound-smtp.pcap > > > > If you're not seeing the email body in the packet it's possible the module > > is bugged. If you see the body of the > > email > > in the packet, it's probably not a rsyslog issue. You can also try forcibly > > setting Body.Enable = "on". > > "body.template" is not a valid directive according to the docs. > > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsyslog.com%2Fdoc%2Fconfiguration%2Fmodules%2Fommail.html&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292658985%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qOnbRuCd0Daz%2BqZiu7yXuINrMLWnB0OKAPTYPR%2F9B1Q%3D&reserved=0<https://www.rsyslog.com/doc/configuration/modules/ommail.html> > > > > > > > > > > if $msg contains 'logdesc="Admin' then { > > action(type="ommail" server="172.16.31.15" port="25" > > mailfrom="n...@wantegrity.com" > > mailto=["mhawk...@wantegrity.com", "r...@saturn.home"] > > subject.template="mailSubjectAdmin" > > body.enable="on" > > action.execonlyonceeveryinterval="2" > > action.execOnlyWhenPreviousIsSuspended="off" > > ) > > } > > > > > > > > > > > > > > > > > > > > From: rsyslog <rsyslog-boun...@lists.adiscon.com> on behalf of Michael A > > Hawkins via rsyslog > > <rsyslog@lists.adiscon.com> > > Sent: Monday, January 20, 2025 1:40 PM > > To: rsyslog-users <rsyslog@lists.adiscon.com> > > Cc: Michael A Hawkins <mhawk...@wantegrity.com> > > Subject: [rsyslog] ommail module > > > > > > > > > > CAUTION: The Sender is located Outside The Organization. Do not click links > > or open attachments unless you recognize > > the sender and know the content is safe. > > > > > > Perhaps someone could point out to me why I am not getting any response > > from anyone. I guess this is my last time > > asking. Perhaps I am on the wrong email group? Is ommail something that is > > supported by the rsyslog team directly? > > Or > > is > > it managed by someone else? > > > > Hello to everyone, > > > > I have the following ommail conf file and it is working except that the > > mailBody template is not applied to outgoing > > emails. I searched the documentation and searched the Internet looking for > > a way to apply a mailBody template to the > > body of the email but found nothing. You can see I tried body.template but > > that didn't work. Does anyone have any > > suggestions? > > > > template (name="mailBody" type="string" string="RSYSLOG > > Alert\\r\\nmsg='%msg%'") > > template (name="mailSubjectAdmin" type="string" string="ALERT: We got an > > Admin login/logoff on %hostname%") > > > > if $msg contains 'logdesc="Admin' then { > > action(type="ommail" server="172.16.31.15" port="25" > > mailfrom="n...@wantegrity.com" > > mailto=["mhawk...@wantegrity.com", "r...@saturn.home"] > > subject.template="mailSubjectAdmin" > > # body.template="mailBody" <<<<<<<<<<<<<<<<< this does not work (when > > uncommented) > > action.execonlyonceeveryinterval="2" > > action.execOnlyWhenPreviousIsSuspended="off" > > ) > > } > > > > /Mike H > > > > -- > > Wantegrity Inc. > > Michael A Hawkins, President > > Stamford, CT 06902 USA > > Mobile: 203-550-5502 > > > > > > > > On Sat, 2025-01-11 at 09:12 -0500, Michael A Hawkins via rsyslog wrote: > > > > > > Hello everyone, > > > > > > I have the following conf file and it is working except that the mailBody > > > template is not applied to outgoing > > > emails. > > > I searched the documentation and searched the Internet looking for a way > > > to apply the mailBody template to the > > > body > > > of > > > the email but found nothing. You can see I tried body.template but that > > > didn't work. Does anyone have any > > > suggestions? > > > > > > > > > template (name="mailBody" type="string" string="RSYSLOG > > > Alert\\r\\nmsg='%msg%'") > > > template (name="mailSubjectAdmin" type="string" string="ALERT: We got an > > > Admin login/logoff on %hostname%") > > > > > > if $msg contains 'logdesc="Admin' then { > > > action(type="ommail" server="172.16.31.15" port="25" > > > mailfrom="n...@wantegrity.com" > > > mailto=["mhawk...@wantegrity.com", "r...@saturn.home"] > > > subject.template="mailSubjectAdmin" > > > # body.template="mailBody" <<<<<<<<<<<<<<<<< this does not work (when > > > uncommented) > > > action.execonlyonceeveryinterval="2" > > > action.execOnlyWhenPreviousIsSuspended="off" > > > ) > > > } > > > > > > /Mike H > > > _______________________________________________ > > > rsyslog mailing list > > > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292669275%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=BgbH66rRmxswVCKkoSggJeevha9Tn6GZi6qVsmbdjxE%3D&reserved=0<https://lists.adiscon.net/mailman/listinfo/rsyslog> > > > https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292680067%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=kCLxOnC6uyAF2FWMRlmeTXIvra9ZTLJ4voDyV4RMyZ0%3D&reserved=0<http://www.rsyslog.com/professional-services/> > > > What's up with rsyslog? Follow > > > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Frgerhards&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292690792%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=rBvbTy54xttM4Qlv19s5B4lExyDXIO%2F9uv3Zqtx2zBA%3D&reserved=0<https://twitter.com/rgerhards> > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > > of sites beyond our control. PLEASE > > > UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292701688%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=NNXklRbY%2FuudQdF8k15RDnljgf5IabZZdPB%2BVq5I30g%3D&reserved=0<https://lists.adiscon.net/mailman/listinfo/rsyslog> > > https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292712352%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OCf5heEu68iK6WqMazyfqrVnrQjZOCLXcHJLaCcANto%3D&reserved=0<http://www.rsyslog.com/professional-services/> > > What's up with rsyslog? Follow > > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Frgerhards&data=05%7C02%7Cmichael.redbourne%40bulletproofsi.com%7C8d47e40698494d5bc85d08dd3910bebc%7C9a63d13853ea411bbe8458b7e2570747%7C1%7C0%7C638729466292722853%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xxWeLIyfqX1648W%2FG2WJblmGyq1sHeMJ1yd5Sfhv%2Bdo%3D&reserved=0<https://twitter.com/rgerhards> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE > > UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > > ________________________________________ > > This e-mail communication (including any or all attachments) is intended > > only for the use of the person or entity to > > which it is addressed and may contain confidential and/or privileged > > material. If you are not the intended recipient > > of this e-mail, any use, review, retransmission, distribution, > > dissemination, copying, printing, or other use of, or > > taking of any action in reliance upon this e-mail, is strictly prohibited. > > If you have received this e-mail in > > error, > > please contact the sender and delete the original and any copy of this > > e-mail and any printout thereof, immediately. > > If you have any questions or concerns, please contact our Customer Service > > Desk at 1-877-274-2349. Your co-operation > > is appreciated. > > > > Le présent courriel (y compris toute pièce jointe) s'adresse uniquement à > > son destinataire, qu'il soit une personne > > ou > > un organisme, et pourrait comporter des renseignements privilégiés ou > > confidentiels. Si vous n'êtes pas le > > destinataire du courriel, il est interdit d'utiliser, de revoir, de > > retransmettre, de distribuer, de disséminer, de > > copier ou d'imprimer ce courriel, d'agir en vous y fiant ou de vous en > > servir de toute autre façon. Si vous avez > > reçu > > le présent courriel par erreur, prière de communiquer avec l'expéditeur et > > d'éliminer l'original du courriel, ainsi > > que toute copie électronique ou imprimée de celui-ci, immédiatement. Si > > vous avez des questions ou des > > préoccupations, > > veuillez contacter notre centre de service à la clientèle au > > 1-877-274-2349. Nous sommes reconnaissants de votre > > collaboration. > > ________________________________________ _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
