I am trying to get an alert on mail when someone changes the syslog IP, i am using below config,

<Input file>
Module im_file
File "/opt/nxlog/var/log/*.log"
if $raw_event =~ /Syslog Server IP was changed from/
exec_async("/bin/sh", "-c", 'echo "' + $Hostname +
$raw_event +
'"|/usr/bin/mailx -a "Content-Type: text/plain; charset=UTF-8" -s "ALERT" ' +

everytime when i see "Syslog Server IP was changed from" on log file i am getting "RROR subprocess 'xxxxx' returned a non-zero exit value of 1" on nxlog log file.

i am on CentOS 7 .... can anyone help..


AskedAugust 14, 2019 - 6:27am

Comments (1)

  • Zhengshi's picture

    I would suggest trying to run the command outside of NXLog to see if the options are good on your system. You can replace $Hostname and $raw_event with static text for the test.

Answers (0)