alerting on mail when regex string matches

Sajeshvv23

Hi,

I am trying to get an alert by mail when someone changes the syslog IP. I am using the config below:

<Input file>
    Module  im_file
    File    "/opt/nxlog/var/log/*.log"
    <Exec>
        if $raw_event =~ /Syslog Server IP was changed from/
        {
            exec_async("/bin/sh", "-c", 'echo "' + $Hostname + $raw_event + '"|/usr/bin/mailx -a "Content-Type: text/plain; charset=UTF-8" -s "ALERT" ' + 'user@domaincom');
        }
    </Exec>
</Input>

Every time I see "Syslog Server IP was changed from" in the log file, I get "RROR subprocess 'xxxxx' returned a non-zero exit value of 1" in the nxlog log file.

I am on CentOS 7. Can anyone help?

BR//SAJESH
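
Added example, not part of the original post: the config above concatenates $raw_event into a "sh -c" string, so the content of a log line is parsed by the shell. One way to avoid that is a small wrapper script that receives the fields as separate arguments; the script path, the MAILER/RCPT variables and the recipient address are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. saved as /usr/local/bin/syslog_alert.sh.
# NXLog passes the fields as separate arguments, with no "sh -c" in between:
#   exec_async("/usr/local/bin/syslog_alert.sh", $Hostname, $raw_event);
#
# Constructed sample invocation:
#   syslog_alert.sh fw01 'Syslog Server IP was changed from "10.0.0.1" to "10.0.0.2"'

MAILER="${MAILER:-/usr/bin/mailx}"       # overridable, e.g. for testing
RCPT="${RCPT:-alerts@example.invalid}"   # placeholder recipient

# Build the mail body. printf '%s' treats its arguments purely as data, so
# quotes, backticks and $(...) inside the log line are never evaluated.
build_body() {
    printf 'Host: %s\nEvent: %s\n' "$1" "$2"
}

# Send the alert. The log text travels only on stdin; subject and recipient
# are fixed arguments, so a log line cannot alter headers or options.
# Note: Heirloom mailx (the mailx package on CentOS 7) uses -a to attach a
# file, so no header is passed with -a here.
send_alert() {
    build_body "$1" "$2" | "$MAILER" -s "ALERT" "$RCPT"
}

# Only send when called with exactly <hostname> <raw_event>.
if [ "$#" -eq 2 ]; then
    send_alert "$1" "$2"
fi
```
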