Silencing output when scripts execute
Bill Shirley
Bill at Henagar.PolymerIndustries.biz
Wed Nov 2 23:33:15 UTC 2016
I switched from using the DHCP exec to Simple Event Collator (sec). It monitors the log files much
like fail2ban and can respond to log messages. I have an elaborate log message for DHCP. This
sec rule triggers when a lease is issued and adds the IP address to an ipset:
# Dec 31 11:19:28 server dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61 VendorId:(none) MemberOf:(none) PoolType:(none) Lease:14400 Ipv4:192.168.4.63 MAC:0:1b:a9:3d:2d:e3 --> STATIC
type=Single
ptype=RegExp
pattern=(?<server_name>\S+)\s+dhcpd\S+:\s+Host:(?<host>\S+)=\>(?<DNShost>\S+).+Lease:(?<leaseTime>\d+).+IPv4:(?<ipv4>(\d{1,3}\.){3}\d{1,3}).+MAC:(?<MAC>\S+)
desc=DHCP lease issued: Server:$+{server_name} Host:$+{DNShost} IPv4:$+{ipv4} Lease:$+{leaseTime} MAC:$+{MAC}
action=shellcmd /usr/sbin/ipset -exist add DHCP4-lease $+{ipv4} timeout $+{leaseTime}
Everything from # up to (but not including) type is a sample log line. (I'm pretty sure this will wrap
in this email.)
sec's actions are logged to /var/log/sec.
[0:root at server network]$ dnf search sec
Last metadata expiration check performed 1:14:59 ago on Wed Nov 2 18:10:46 2016.
===================================================================== N/S Matched: sec ======================================================================
sec.noarch : Simple Event Correlator script to filter log file entries
Bill
On 11/2/2016 5:52 PM, Alan Buxey wrote:
> hi,
>
>> Is there a way to silence those lines? They seem rather debuggish,
>> and on my production system my syslog files are being flooded with 16
>> lines of "execute_statement" messages for every single lease assigned.
> what syslog system are you using? with eg rsyslog you can do a very simple
> regex pattern match to ignore those entries and not log them (or log them
> to another server or log them to another file....)... /^execute_statement argv/
>
> alan
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
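
Added example, not part of the original post or of sec: the rule's parsing step in Python, checking the fields taken from the log line before they become arguments to ipset. Assumptions made here: the pattern is rewritten in Python named-group syntax, re.IGNORECASE is added, the 192.168.4.0/24 subnet is inferred from the sample address, and the names LAN, MAX_TIMEOUT and ipset_argv are hypothetical.

```python
import ipaddress
import re

# The rule's pattern with Perl (?<name>...) groups rewritten as Python (?P<name>...).
# re.IGNORECASE is an assumption added here: the sample line logs "Ipv4:" while the
# pattern spells it "IPv4:", so a case-sensitive match does not fire on that line.
LEASE_RE = re.compile(
    r"(?P<server_name>\S+)\s+dhcpd\S+:\s+Host:(?P<host>\S+)=>(?P<DNShost>\S+).+"
    r"Lease:(?P<leaseTime>\d+).+IPv4:(?P<ipv4>(\d{1,3}\.){3}\d{1,3}).+MAC:(?P<MAC>\S+)",
    re.IGNORECASE,
)

LAN = ipaddress.ip_network("192.168.4.0/24")  # assumed DHCP subnet for the sample address
MAX_TIMEOUT = 2147483  # cap in seconds; ipset(8) documents this as its largest timeout

# Sample log line from the post, unwrapped onto one line.
SAMPLE = (
    "Dec 31 11:19:28 server dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61 "
    "VendorId:(none) MemberOf:(none) PoolType:(none) Lease:14400 "
    "Ipv4:192.168.4.63 MAC:0:1b:a9:3d:2d:e3 --> STATIC"
)


def ipset_argv(line):
    """Return the argv for `ipset add`, or None when the line must be ignored."""
    m = LEASE_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ipv4"))
    except ipaddress.AddressValueError:
        return None  # \d{1,3} also accepts octets such as 999
    lease = int(m.group("leaseTime"))
    if ip not in LAN or not 0 < lease <= MAX_TIMEOUT:
        return None
    # A list of arguments, for subprocess.run(argv) with no shell in between.
    return ["/usr/sbin/ipset", "-exist", "add", "DHCP4-lease",
            str(ip), "timeout", str(lease)]


if __name__ == "__main__":
    print(ipset_argv(SAMPLE))
    print(ipset_argv(SAMPLE.replace("192.168.4.63", "999.168.4.63")))  # constructed
```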