This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

rsyslog output to eggdrop

Requests for complete scripts or modifications/fixes for scripts you didn't write. Response not guaranteed, and no thread bumping!
Post Reply
h
hypnotoad
Voice
Posts: 10
Joined: Wed Apr 07, 2010 12:30 pm

rsyslog output to eggdrop

Post by hypnotoad »

Guess the Topic say´s everything, i search for a script which takes the messages from rsyslog and post it.
I know you can use tcp/udp to use a rsylog on another server, but is there a way to use eggdrop too?
User avatar
tomekk
Master
Posts: 255
Joined: Fri Nov 28, 2008 11:35 am
Location: Oswiecim / Poland
Contact:

Post by tomekk »

do you want to receive logs from rsyslog via TCP and post them on channel right?

smth like (spam after rsyslogd connection):

Code: Select all

23:18:37 < botty> <6>Apr 13 23:20:55 debian kernel: Kernel logging (proc) stopped.
23:18:39 < botty> <6>Apr 13 23:20:55 debian kernel: imklog 3.18.6, log source = /proc/kmsg started.
23:18:40 < botty> <46>Apr 13 23:20:55 debian rsyslogd: [origin software="rsyslogd" swVersion="3.18.6"
                  x-pid="2499" x-info="http://www.rsyslog.com"] exiting on signal 15.
23:18:40 < botty> <46>Apr 13 23:20:55 debian rsyslogd: [origin software="rsyslogd" swVersion="3.18.6"
                  x-pid="2520" x-info="http://www.rsyslog.com"] restart
host with eggdrop:

Code: Select all

tomekk@debian:~/eggdrop# netstat -tpan | grep 1444
tcp        0      0 10.0.1.1:1444           0.0.0.0:*               LISTEN     31307/eggdrop
tcp        0      0 10.0.1.1:1444           10.0.1.14:33671         ESTABLISHED31307/eggdrop
*.14 is the host with rsyslog daemon

Code: Select all

tomekk@zlom:/# echo "teste me" | logger
channel:

Code: Select all

23:18:52 < botty> <13>Apr 13 23:21:11 debian logger: teste me

later...

23:41:08 < botty> <13>Apr 13 23:43:27 debian shutdown[2581]: shutting down for system halt
23:41:09 < botty> <30>Apr 13 23:43:27 debian init: Switching to runlevel: 0
:>
h
hypnotoad
Voice
Posts: 10
Joined: Wed Apr 07, 2010 12:30 pm

Post by hypnotoad »

yeah this looks good!
how do you made this?
is there a way to use .tcl files to make the output more configurable?
User avatar
tomekk
Master
Posts: 255
Joined: Fri Nov 28, 2008 11:35 am
Location: Oswiecim / Poland
Contact:

Post by tomekk »

Its just like telnet or netcat, all you have to do is to write TCL socket script, based on TCP/IP.

Of course you can filter whole output.
h
hypnotoad
Voice
Posts: 10
Joined: Wed Apr 07, 2010 12:30 pm

Post by hypnotoad »

ok,
do you have a sample tcl socket script for me? i don´t know where i should start, i am totaly scripting noob, but like to learn :)

i thought there must be away to catch the log´s while there written into the *.log file.

Like:
Rsyslog daemon > write a line in the *.log file
> and catch this line at the same time and put the output over eggdrop into irc
User avatar
tomekk
Master
Posts: 255
Joined: Fri Nov 28, 2008 11:35 am
Location: Oswiecim / Poland
Contact:

Post by tomekk »

simple example;

Code: Select all

set port 1444
set host 10.0.1.1

##################################################################
bind evnt - prerehash prerehash_proc

set s_socket [socket -server socket_proc -myaddr $host $port]

proc prerehash_proc { type } {
        global s_socket

        close $s_socket
}

proc socket_proc { sock host port } {
        fconfigure $sock -buffering line
        fileevent $sock readable "action $sock $host $port"
}

proc action { chan host port } {
        if {![eof $chan]} {
                set data [gets $chan]

                if {$data != ""} {
                        putquick "PRIVMSG #channel :$data"
                }
        } {
                close $chan
        }
}
rsyslog option for forward logs to remote host;

Code: Select all

*.*       @@10.0.1.1:1444
for the rest of info check the rsyslogs doc

try it
h
hypnotoad
Voice
Posts: 10
Joined: Wed Apr 07, 2010 12:30 pm

Post by hypnotoad »

ok i will
thx for youre help
Post Reply