
Hi,

I am trying to get an alert by mail when someone changes the syslog IP. I am using the config below:

<Input file>
    Module  im_file
    File    "/opt/nxlog/var/log/*.log"
    <Exec>
        if $raw_event =~ /Syslog Server IP was changed from/
        {
            exec_async("/bin/sh", "-c", 'echo "' + $Hostname +
                       $raw_event +
                       '"|/usr/bin/mailx -a "Content-Type: text/plain; charset=UTF-8" -s "ALERT" ' +
                       'user@domaincom');
        }
    </Exec>
</Input>

Every time I see "Syslog Server IP was changed from" in the log file, I get "RROR subprocess 'xxxxx' returned a non-zero exit value of 1" in the nxlog log file.

I am on CentOS 7. Can anyone help?

BR//SAJESH

Asked August 14, 2019 - 6:27am

Comments (1)

  • Zhengshi (NXLog)

    I would suggest trying to run the command outside of NXLog to see if the options are good on your system. You can replace $Hostname and $raw_event with static text for the test.

    August 15, 2019 - 9:00pm

Answers (0)
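
Added example, not part of the original post and not NXLog's own code: the posted config splices `$raw_event` into a `sh -c` string, so quotes or `$(...)` inside a log line are interpreted by the shell. This helper takes the hostname and event as separate arguments and puts them only in the mail body, and it can be run by hand with static text as the comment suggests. The script path, the `MAILER` and `RCPT` variables and the recipient are assumptions; `-a` is omitted because in the heirloom mailx shipped with CentOS 7 it attaches a file rather than adding a header.

```shell
#!/bin/sh
# Hypothetical helper, e.g. saved as /usr/local/bin/syslog-ip-alert.sh.
# Assumed NXLog call, passing the fields as separate arguments so no shell
# parses the log text:
#   exec_async("/usr/local/bin/syslog-ip-alert.sh", $Hostname, $raw_event);

MAILER="${MAILER:-/usr/bin/mailx}"   # override to test without sending mail
RCPT="${RCPT:-user@example.com}"     # placeholder recipient (assumption)

# Reduce untrusted text to a single line: ASCII control characters
# (newline, CR, tab, escape, DEL) become spaces, and the result is
# capped at 1000 bytes so one huge log line cannot produce a huge mail.
sanitize() {
    printf '%s' "$1" | tr '\001-\037\177' ' ' | cut -c1-1000
}

# Send the alert. Subject and recipient are fixed; the log-derived text
# travels only on stdin as the message body.
send_alert() {
    host=$(sanitize "$1")
    event=$(sanitize "$2")
    printf '%s %s\n' "$host" "$event" | "$MAILER" -s "ALERT" "$RCPT"
}

# Run only when called with both arguments, so the file can also be
# sourced to exercise the functions.
if [ "$#" -ge 2 ]; then
    send_alert "$1" "$2"
fi
```

Running it by hand as the nxlog user, with static text for both arguments, shows the mailer's own error message and exit status instead of only the non-zero value NXLog reports.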