Jun 10 2020
 

Recently I switched from syslog-ng to rsyslog, and one of the things that I needed was forwarding of specific syslog messages to an external program, in my case a Python script that further processes the messages. This can be done by adding the following lines to /etc/rsyslog.conf:

[..]
module(load="omprog")
if( $msg contains "something interesting e.g. a warning") then {
    action(type="omprog" binary="/usr/bin/further_process.py" template="RSYSLOG_TraditionalFileFormat")
}
[..]

The full syslog message will then be passed on to the script. You can also use contains_i, which is not case sensitive (recommended).

In Python, the message will be sent via STDIN. You can, for example, use

import sys
msg = sys.stdin.readline()

to read and process the message further.
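
An added example, not the post's own script: a consumer for the omprog action above that reads in a loop, because rsyslog starts the binary once and writes one message per line to its STDIN. The regex assumes the RSYSLOG_TraditionalFileFormat layout used in the config; `parse_line`, `handle` and `MAX_LEN` are hypothetical names.

```python
#!/usr/bin/env python3
"""Long-running omprog consumer (added example, names are hypothetical)."""
import re
import sys

# RSYSLOG_TraditionalFileFormat: "Mmm dd hh:mm:ss host tag[pid]: msg"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
MAX_LEN = 8192  # assumed cap; log content can be attacker-influenced


def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    line = line.rstrip("\n")[:MAX_LEN]
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Drop control characters so a message cannot inject terminal escapes
    # or forge extra lines in whatever this script writes downstream.
    rec["msg"] = "".join(c for c in rec["msg"] if c.isprintable())
    return rec


def handle(rec):
    """Hypothetical processing step: build a one-line summary."""
    return f"{rec['host']} {rec['tag']}: {rec['msg']}"


def main(stream=sys.stdin, out=sys.stderr):
    # Loop until EOF (rsyslog closing the pipe) instead of reading once.
    count = 0
    for line in stream:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input rather than crash the consumer
        print(handle(rec), file=out)
        count += 1
    return count


if __name__ == "__main__":
    main()
```

The message text is passed only as data here; if it is forwarded elsewhere, keep it out of shell command lines and format strings.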