run bash script when ERROR spotted in logs in nxlog
Rafalf
I am trying to run a script every time an error is found in logs
Module xm_exec
Module im_file
File "/home/rafal/gitprojects/mst-sender/hub.cloudradar-error.log"
if $raw_event =~ /(\S+)\ (.+) \[ERROR (.+)/
{
exec_async("/bin/sh", "/home/rafal/gitprojects/mst-sender/run.sh");
}
From the documentation it looks like it should exec async if regex matches but I am seeing only the following log WARNING not starting unused module in and the script is not executed. I don't need to output it, only run that script.
I added a route but this aint helping too
Module om_null
# Basic route
Path in => out1
I created another config file as follows just to log a warning but again its not getting executed
define ACTION { log_warning("dropping message"); drop(); }
Module xm_exec
Module im_file
File 'D:\mst-sender\hub.cloudradar-error.log'
Exec if $raw_event =~ /ERROR/ %ACTION%
Module om_null
# Basic route
Path in => out1
and here is my config file
04/Apr/2020:20:55:33 +0000 [ERROR 0 /hub.cloudradar.php] PHP message: PHP Notice: Indirect modification of overloaded element of Silex\Application has no effect in /var/www/hub/src/app.php on line 96
04/Apr/2020:20:55:33 +0000 [ERROR 0 /hub.cloudradar.php] PHP message: PHP Notice: Indirect modification of overloaded element of Silex\Application has no effect in /var/www/hub/src/app.php on line 96
**UPDATE**
I found the problem. It's a silly mistake of mine
You need to **make changes** in the log file to see the log lines being parsed.