Silencing output when scripts execute

Bill Shirley Bill at Henagar.PolymerIndustries.biz
Wed Nov 2 23:33:15 UTC 2016 

I switched from using the DHCP exec to Simple Event Collator (sec). It monitors the log files much
like fail2ban and can respond to log messages.  I have an elaborate log message for DHCP.  This
sec rule triggers when a lease is issued and adds the IP address to a ipset:
# Dec 31 11:19:28 server dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61  VendorId:(none) MemberOf:(none)  PoolType:(none)  
Lease:14400 Ipv4:192.168.4.63  MAC:0:1b:a9:3d:2d:e3 --> STATIC
type=Single
ptype=RegExp
pattern=(?<server_name>\S+)\s+dhcpd\S+:\s+Host:(?<host>\S+)=\>(?<DNShost>\S+).+ 
Lease:(?<leaseTime>\d+).+IPv4:(?<ipv4>(\d{1,3}\.){3}\d{1,3}).+MAC:(?<MAC>\S+)
desc=DHCP lease issued: Server:$+{server_name} Host:$+{DNShost}  IPv4:$+{ipv4}  Lease:$+{leaseTime} MAC:$+{MAC}
action=shellcmd /usr/sbin/ipset -exist add DHCP4-lease $+{ipv4} timeout $+{leaseTime}
Everything from # up to (but not including) type is a sample log line.  (I'm pretty sure this will wrap
in this email.)

sec's actions are logged to /var/log/sec.

[0:root at server network]$ dnf search sec
Last metadata expiration check performed 1:14:59 ago on Wed Nov  2 18:10:46 2016.
===================================================================== N/S Matched: sec 
======================================================================
sec.noarch : Simple Event Correlator script to filter log file entries

Bill


On 11/2/2016 5:52 PM, Alan Buxey wrote:
> hi,
>
>> Is there a way to silence those lines?  They seem rather debuggish,
>> and on my production system my syslog files are being flooded with 16
>> lines of "execute_statement" messages for every single lease assigned.
> what syslog system are you using? with eg rsyslog you can do a very simple
> regex pattern match to ignore those entries and not log them (or log them
> to another server or log them to another file....)... /^execute_statement argv/
>
> alan
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161102/dfba2930/attachment.html>

More information about the dhcp-users mailing list