
Generating SMTP messages (e-mail) from logs


Chapter 7. Sending and storing log messages — destinations and destination drivers

7.11. Generating SMTP messages (e-mail) from logs

The destination is aimed at a fully controlled local, or near-local, trusted SMTP server. The goal is to send mail to trusted recipients, through a controlled channel. It hands mails over to an SMTP server, and that is all it does, therefore the resulting solution is as reliable as sending an e-mail in general. For example, syslog-ng OSE does not verify whether the recipient exists.

The smtp() driver sends e-mail messages triggered by log messages. The smtp() driver uses SMTP, without needing external applications. You can customize the main fields of the e-mail, add extra headers, send the e-mail to multiple recipients, and so on.

The subject(), body(), and header() fields may include macros which get expanded in the e-mail. For more information on available macros see Section 11.1.5, Macros of syslog-ng OSE (p. 234).

The smtp() driver has the following required parameters: host(), port(), from(), to(), subject(), and body(). For the list of available optional parameters, see Section 7.11.1, smtp() destination options (p. 155).

Note

The smtp() destination driver is available only in syslog-ng OSE 3.4 and later.

Declaration:

smtp(host() port() from() to() subject() body() options());

Example 7.12. Using the smtp() driver

The following example defines an smtp() destination using only the required parameters.

destination d_smtp {
    smtp(
        host("localhost") port(25)
        from("syslog-ng alert service" "[email protected]")
        to("Admin #1" "[email protected]")
        subject("[ALERT] Important log message of $LEVEL condition received from $HOST/$PROGRAM!")
        body("Hi!\nThe syslog-ng alerting service detected the following important log message:\n $MSG\n-- \nsyslog-ng\n")
    );
};

The following example sets some optional parameters as well.

destination d_smtp {
    smtp(
        host("localhost") port(25)
        from("syslog-ng alert service" "[email protected]")
        to("Admin #1" "[email protected]")
        to("Admin #2" "[email protected]")
        cc("Admin BOSS" "[email protected]")
        bcc("Blind CC" "[email protected]")
        subject("[ALERT] Important log message of $LEVEL condition received from $HOST/$PROGRAM!")
        body("Hi!\nThe syslog-ng alerting service detected the following important log message:\n $MSG\n-- \nsyslog-ng\n")
        header("X-Program", "$PROGRAM")
    );
};

Example 7.13. Simple e-mail alerting with the smtp() driver

The following example sends an e-mail alert if the eth0 network interface of the host is down.

filter f_linkdown {
    match("eth0: link down" value("MESSAGE"));
};

destination d_alert {
    smtp(
        host("localhost") port(25)
        from("syslog-ng alert service" "syslog@localhost")
        reply-to("Admins" "root@localhost")
        to("Ennekem" "me@localhost")
        subject("[SYSLOG ALERT]: eth0 link down")
        body("Syslog received an alert:\n$MSG")
    );
};

7.11.1. smtp() destination options

The smtp() driver sends e-mail messages using SMTP, without needing external applications. The smtp() destination has the following options:

body()

Type: string

Default: n/a

Description: The BODY field of the e-mail. You can also use macros in the string. Use \n to start a new line.

For example:

body("syslog-ng OSE received the following alert from $HOST:\n$MSG")

bcc()

Type: string

Default: n/a

Description: The BCC recipient of the e-mail (contents of the BCC field). You can specify the e-mail address, or the name and the e-mail address. Set the bcc() option multiple times to send the e-mail to multiple recipients.

For example:

bcc("[email protected]") or

bcc("Admin" "[email protected]") or

bcc("Admin" "[email protected]") bcc("Admin2" "[email protected]")

cc()

Type: string

Default: n/a

Description: The CC recipient of the e-mail (contents of the CC field). You can specify the e-mail address, or the name and the e-mail address. Set the cc() option multiple times to send the e-mail to multiple recipients.

For example:

cc("[email protected]") or

cc("Admin" "[email protected]") or

cc("Admin" "[email protected]") cc("Admin2" "[email protected]")

from()

Type: string

Default: n/a

Description: The sender of the e-mail (contents of the FROM field). You can specify the e-mail address, or the name and the e-mail address. For example:

from("[email protected]") or

from("Admin" "[email protected]")

If you specify the from() option multiple times, the last value will be used. Instead of the from() option, you can also use sender(), which is just an alias of the from() option.

header()

Type: string

Default: n/a

Description: Adds an extra header to the e-mail with the specified name and content. The first parameter sets the name of the header, the second one its value. The value of the header can contain macros. Set the header() option multiple times to add multiple headers. For example:

header("X-Program", "$PROGRAM")

When using the header option, note the following points:

■ Do not use the header() option to set the values of headers that have dedicated options. Use it only to add extra headers.

■ If you set the same custom header multiple times, only the first will be added to the e-mail; other occurrences will be ignored.

■ It is not possible to set the DATE, Return-Path, Original-Recipient, Content-*, MIME-*, Resent-*, Received headers.
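
A small lint for the rules above (the required options and the header() restrictions), added here as an example; it is not part of the syslog-ng documentation or code. It is a simplified regex-based check, not the syslog-ng parser, and `lint_smtp` and the sample addresses are constructed for illustration.

```python
import re

# One option call, e.g. to("Admin" "a@b") or port(25); quoted strings may hold parentheses.
OPTION = re.compile(r'([a-z][a-z_-]*)\s*\(((?:"(?:\\.|[^"\\])*"|[^()"])*)\)')
STRING = re.compile(r'"((?:\\.|[^"\\])*)"')
REQUIRED = ("host", "port", "from", "to", "subject", "body")
# Headers that have a dedicated smtp() option; header() must not set them.
DEDICATED = {"from", "to", "cc", "bcc", "reply-to", "subject"}
# Headers the documentation lists as impossible to set.
FORBIDDEN = {"date", "return-path", "original-recipient", "received"}
FORBIDDEN_PREFIXES = ("content-", "mime-", "resent-")

def lint_smtp(conf):
    """Return findings for one smtp() destination block (simplified, regex-based)."""
    opts = [(name.replace("_", "-"), STRING.findall(args))
            for name, args in OPTION.findall(conf)]
    names = {"from" if n == "sender" else n for n, _ in opts}  # sender() aliases from()
    findings = [f"missing required option {r}()" for r in REQUIRED if r not in names]
    seen = set()
    for name, args in opts:
        if name != "header" or not args:
            continue
        hdr = args[0].lower()
        if hdr in FORBIDDEN or hdr.startswith(FORBIDDEN_PREFIXES):
            findings.append(f"header {args[0]} cannot be set")
        elif hdr in DEDICATED:
            findings.append(f"header {args[0]} has a dedicated option, use {hdr}() instead")
        elif hdr in seen:
            findings.append(f"header {args[0]} repeated, only the first is added")
        seen.add(hdr)
    return findings

# Constructed sample: body() is missing and three header() calls break the rules.
SAMPLE = r'''
destination d_smtp {
    smtp(
        host("127.0.0.1") port(25)
        sender("syslog-ng alert service" "alerts@example.com")
        to("Admin #1" "admin1@example.com")
        subject("[ALERT] $LEVEL message from $HOST/$PROGRAM (syslog)")
        header("X-Program", "$PROGRAM")
        header("X-Program", "duplicate")
        header("Subject", "overrides subject()")
        header("Content-Type", "text/html")
    );
};
'''

if __name__ == "__main__":
    print("\n".join(lint_smtp(SAMPLE)))
```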

host()

Type: hostname or IP address

Default: n/a

Description: Hostname or IP address of the SMTP server.

Note

If you specify host="localhost", syslog-ng OSE will use a socket to connect to the local SMTP server. Use host="127.0.0.1" to force TCP communication between syslog-ng OSE and the local SMTP server.

log-fifo-size()

Type: number

Default: Use global setting.

Description: The number of messages that the output queue can store.

port()

Type: number

Default: 25

Description: The port number of the SMTP server.

reply-to()

Type: string

Default: n/a

Description: Replies of the recipient will be sent to this address (contents of the REPLY-TO field). You can specify the e-mail address, or the name and the e-mail address. Set the reply-to() option multiple times to send the e-mail to multiple recipients. For example:

reply-to("[email protected]") or

reply-to("Admin" "[email protected]") or

reply-to("Admin" "[email protected]") reply-to("Admin2" "[email protected]")

retries()

Type: number (of attempts)

Default: 3

Description: The number of times syslog-ng OSE attempts to send a message to this destination. If syslog-ng OSE could not send a message, it will try again until the number of attempts reaches retries, then drops the message.

subject()

Type: string

Default: n/a

Description: The SUBJECT field of the e-mail. You can also use macros. For example:

subject("[SYSLOG ALERT]: Critical error message received from $HOST")

If you specify the subject() option multiple times, the last value will be used.

throttle()

Type: number

Default: 0

Description: Sets the maximum number of messages sent to the destination per second. Use this output-rate-limiting functionality only when using large enough buffers as well to avoid the risk of losing messages. Specifying 0 or a lower value sets the output limit to unlimited.

to()

Type: string

Default: localhost

Description: The recipient of the e-mail (contents of the TO field). You can specify the e-mail address, or the name and the e-mail address. Set the to() option multiple times to send the e-mail to multiple recipients. For example:

to("[email protected]") or

to("Admin" "[email protected]") or

to("Admin" "[email protected]") to("Admin2" "[email protected]")