Jun 10 2020
Recently I switched from syslog-ng to rsyslog, and one of the things I needed was forwarding specific syslog messages to an external program, in my case a Python script that further processes the messages. This can be done by adding the following lines to /etc/rsyslog.conf:
    [..]
    module(load="omprog")
    if( $msg contains "something interesting e.g. a warning") then {
        action(type="omprog" binary="/usr/bin/further_process.py" template="RSYSLOG_TraditionalFileFormat")
    }
    [..]
The full syslog message will then be passed on to the script. You can also use contains_i, which is case-insensitive (recommended).
In Python the message is sent via STDIN. You can for example use
    import sys
    msg = sys.stdin.readline()
to read and process the message further.
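A fuller version of such a script, as an added example that is not the original post's code: omprog keeps the program running and writes one message per line, so it loops until EOF, splits each RSYSLOG_TraditionalFileFormat line into fields, and escapes non-printable characters because the message text is untrusted. The names `parse_line`, `records`, `handle` and `MAX_LEN` are hypothetical.

```python
#!/usr/bin/env python3
import re
import sys

# RSYSLOG_TraditionalFileFormat is "%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%\n",
# e.g. "Jun 10 12:00:01 host1 sshd[1234]: some text".
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
MAX_LEN = 8192  # assumption: upper bound on the line length we process


def parse_line(line):
    """Return the fields of one forwarded line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n")[:MAX_LEN])
    if m is None:
        return None
    rec = m.groupdict()
    # Message text is attacker-influenced; escape non-printable characters so
    # it cannot inject terminal escapes or forged lines into later output.
    rec["msg"] = "".join(
        c if c.isprintable() else "\\x%02x" % ord(c) for c in rec["msg"]
    )
    return rec


def records(stream):
    """Yield parsed records until EOF; omprog writes one message per line."""
    for line in stream:
        rec = parse_line(line)
        if rec is not None:
            yield rec


def handle(rec):
    """Hypothetical processing step; replace with the real logic."""
    return "%(host)s %(tag)s: %(msg)s" % rec


if __name__ == "__main__":
    # Loop for the lifetime of the process instead of reading a single line.
    for record in records(sys.stdin):
        handle(record)
```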