On Tue, Jun 03, 2003 at 11:40:08AM +0200, mailinglists wrote:
if this works, try:
"echo $1 | mail -s \"Security_Alert: $1\" ALERT@domain.com"
hey, not a bad idea. the effect is that the alert is displayed in the subject text field, not in the body. the echo $1 didn't work. Logsurfer printed the matching logs to the shell.
I read logsurfer.conf(4) this way:
'report' expands additional arguments as 'contexts' which you need to
'open' before you can use them ...
you could e.g. open contexts matching the source ip, and then
mail the whole context if something seems suspicious.
don't forget to time out the context at some point...
but maybe what you really want is 'pipe' ?
and be VERY careful with "/bin/mail" and other programs, afaik, if
started by logsurfer it behaves as if it was interactive, thus someone
could craft a log entry containing mail escapes e.g. with "logger", and
use your logsurfer script to execute arbitrary commands as the logsurfer
user ...
you could use the "start-mail" contributed wrapper script.
or do it yourself like
---8<---
#!/bin/bash
# usage: logsurf-mail to-address subject
# example logsurfer line:
# '.*' - - - 0 pipe "/some/where/logsurf-mail operator 'full line in body'"
{
cat <
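
An added example, not part of the original message and not the contributed "start-mail" script: one way to write a 'pipe' wrapper that never lets an interactive mail client parse log content. The function names are hypothetical and the sendmail path is an assumption; the body is read from stdin, as with the 'pipe' action above.

```shell
#!/bin/bash
# Added example: helper names are hypothetical, not from logsurfer or its contrib scripts.
# usage: safe-logsurf-mail to-address subject   (log text arrives on stdin)

# Make untrusted log text safe as a mail body: drop control characters
# (tab and newline are kept) and indent any line that starts with '~',
# so a mail client that honours tilde escapes sees only plain text.
sanitize_body() {
    LC_ALL=C tr -d '\000-\010\013-\037\177' | sed 's/^~/ ~/'
}

# Reduce a header value to a single line, so text taken from a log
# entry cannot smuggle extra headers (e.g. Bcc:) into the message.
sanitize_header() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177'
}

# Emit a complete message on stdout: headers, blank line, sanitized body.
build_message() {
    printf 'To: %s\nSubject: %s\n\n' \
        "$(sanitize_header "$1")" "$(sanitize_header "$2")"
    sanitize_body
}

# Run as a script with two arguments: hand the message straight to the
# MTA. 'sendmail -t' takes recipients from the headers and has no tilde
# escapes; '-oi' stops a lone '.' line from ending the message early.
# /usr/sbin/sendmail is an assumed path; adjust for your system.
if [ "$#" -eq 2 ]; then
    build_message "$1" "$2" | /usr/sbin/sendmail -t -oi
fi
```

The to-address should come from the logsurfer configuration, never from the matched log line, since `-t` delivers to whatever the To: header names.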