run bash script when ERROR spotted in logs in nxlog
I am trying to run a script every time an error is found in the logs:
<Extension _exec>
    Module xm_exec
</Extension>
<Input in>
    Module im_file
    File "/home/rafal/gitprojects/mst-sender/hub.cloudradar-error.log"
    <Exec>
        if $raw_event =~ /(\S+)\ (.+) \[ERROR (.+)/
        {
            exec_async("/bin/sh", "/home/rafal/gitprojects/mst-sender/run.sh");
        }
    </Exec>
</Input>
From the documentation it looks like it should exec async if the regex matches, but I am seeing only the following log: "WARNING not starting unused module in", and the script is not executed. I don't need to output it, only run that script.
I added a route, but this ain't helping either:
<Output out1>
    Module om_null
</Output>
<Route 1>
    # Basic route
    Path in => out1
</Route>
I created another config file as follows, just to log a warning, but again it's not getting executed:
define ACTION { log_warning("dropping message"); drop(); }
<Extension _exec>
    Module xm_exec
</Extension>
<Input in>
    Module im_file
    File 'D:\mst-sender\hub.cloudradar-error.log'
    Exec if $raw_event =~ /ERROR/ %ACTION%
</Input>
<Output out1>
    Module om_null
</Output>
<Route 1>
    # Basic route
    Path in => out1
</Route>
and here is my config file
04/Apr/2020:20:55:33 +0000 [ERROR 0 /hub.cloudradar.php] PHP message: PHP Notice: Indirect modification of overloaded element of Silex\Application has no effect in /var/www/hub/src/app.php on line 96
04/Apr/2020:20:55:33 +0000 [ERROR 0 /hub.cloudradar.php] PHP message: PHP Notice: Indirect modification of overloaded element of Silex\Application has no effect in /var/www/hub/src/app.php on line 96
UPDATE
I found the problem. It's a silly mistake of mine. You need to make changes in the log file to see the log lines being parsed.
Hi,
In this config:
define ACTION { log_warning("dropping message"); drop(); }
<Extension _exec>
    Module xm_exec
</Extension>
<Input in>
    Module im_file
    File 'D:\mst-sender\hub.cloudradar-error.log'
    Exec if $raw_event =~ /ERROR/ %ACTION%
</Input>
<Output out1>
    Module om_null
</Output>
<Route 1>
    # Basic route
    Path in => out1
</Route>
You are missing the ; in this line: Exec if $raw_event =~ /ERROR/ %ACTION%
Also, for test purposes, you can set it to log errors to a file using om_file, that way you can confirm that your regex is working and picking up events.
I hope this is good enough to get you going.
~MisaZ
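A test configuration that combines the points from this thread, as an added example that is not part of the original posts: it keeps the asker's regex and script path, sets the im_file directives ReadFromLast and SavePos to FALSE so that lines already in the file are read on startup (by default im_file only picks up lines written after it starts, which is the behaviour described in the UPDATE), and routes matched lines to om_file so the match can be confirmed. The output path /tmp/nxlog-matched.log is an assumption.

```conf
<Extension _exec>
    Module  xm_exec
</Extension>

<Input in>
    Module        im_file
    File          "/home/rafal/gitprojects/mst-sender/hub.cloudradar-error.log"
    # Testing only: read the file from the beginning on every start instead
    # of waiting for new lines or resuming from a saved position.
    ReadFromLast  FALSE
    SavePos       FALSE
    <Exec>
        if $raw_event =~ /(\S+)\ (.+) \[ERROR (.+)/
        {
            # Runs once per matching line. No log content is passed to the
            # script, so text written into the log cannot reach its arguments.
            exec_async("/bin/sh", "/home/rafal/gitprojects/mst-sender/run.sh");
        }
        else
        {
            # Keep only matching lines in the test output file.
            drop();
        }
    </Exec>
</Input>

<Output matched>
    Module  om_file
    # Assumed path; every line that triggered the script lands here.
    File    "/tmp/nxlog-matched.log"
</Output>

<Route 1>
    Path  in => matched
</Route>
```

With ReadFromLast and SavePos set to FALSE, every restart re-reads the whole file and runs the script again for each old ERROR line, so remove both directives once the match is confirmed.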