LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-05-2006, 08:50 AM   #1
xmdms
Member
 
Registered: Oct 2003
Posts: 134

Rep: Reputation: 15
I need help with scripting -- Please help


Hi,

I am trying to figure how I can add an alert to the audit.conf file (/etc/audit.audit.conf) to send and e-mail when the threshold is reached.

I am new to Linux and not an expert in writing Linux scripts. Please help.

Below, is the original audit.conf so you can see and help me when the threshold is reached.

Thank you in advance.

Jorge


# kernel interface
device-file = "/dev/audit";

# filter config
filter-config = "/etc/audit/filter.conf";

# Standard output method is bin mode.
#
output {
mode = bin;
num-files = 4;
file-size = 20M;
file-name = "/var/log/audit.d/bin";
notify = "/usr/sbin/audbin -S /var/log/audit.d/save.%u -C";

# The following symlink is created whenever we switch to
# a new bin.
current = "/var/log/audit";

sync = yes;
error {
action {
type = suspend;
};
};
};

# Alternatively, write to /var/log/audit in normal
# append mode
# output {
# mode = append;
# file-name = "/var/log/audit";
# sync = yes;
# };

# Alternative output
# output {
# mode = stream;
# command = "/usr/local/sbin/send_to_syslog"
# };

# Disk usage thresholds.
# These thresholds are checked at regular intervals when
# append mode is used.
# (bin mode doesn't require these checks as the bin files
# are preallocated).
threshold disk-space-low {
space-left = 10M;
action {
type = syslog;
facility = security;
priority = warning;
};
action {
type = notify;
command = "/usr/local/bin/page-admin";
};
action {
type = audit;
event = AUDIT_disklow;
};
};
threshold disk-full {
space-left = 20K;
action {
type = syslog;
facility = security;
priority = crit;
};
action {
type = audit;
event = AUDIT_diskfull;
};
};
 
Old 08-06-2006, 12:27 PM   #2
dugas
Member
 
Registered: Jul 2004
Location: louisiana
Distribution: fedora 4/kubuntu
Posts: 116

Rep: Reputation: 15
Mail from script.

Code:
(
echo "To: Jorge <jorge@somewhere.com>"
echo "From: machine@somewhere.com <machine@somewhere.com>"
echo "Subject: Threshold Reached"
echo
echo "====================================================="
echo "Whatever message."
echo "====================================================="
) 2>&1 | /usr/sbin/sendmail -t

Just place this in the script wherever the script says it is about to write to the log, or wherever else you want it. You could also capture the output in the audit file and pipe it to the email message.
 
Old 08-09-2006, 11:16 AM   #3
xmdms
Member
 
Registered: Oct 2003
Posts: 134

Original Poster
Rep: Reputation: 15
Dugas,

I really appreciate you've taken your time showing me the proper syntax for email notification. I am not sure where I can add these lines in the script that I have provided previous post. Could you please take a another minute out on your busy schedule to point out where I should add these lines of codes?

Again, thanks so much for your help!!

Jorge

Quote:
Originally Posted by dugas
Code:
(
echo "To: Jorge <jorge@somewhere.com>"
echo "From: machine@somewhere.com <machine@somewhere.com>"
echo "Subject: Threshold Reached"
echo
echo "====================================================="
echo "Whatever message."
echo "====================================================="
) 2>&1 | /usr/sbin/sendmail -t

Just place this in the script wherever the script says it is about to write to the log, or wherever else you want it. You could also capture the output in the audit file and pipe it to the email message.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
teaching shell scripting: cool scripting examples? fax8 Linux - General 1 04-20-2006 04:29 AM
Need help scripting Tamara Programming 1 06-05-2005 03:18 PM
Scripting help JediMasterTux Linux - Newbie 2 07-13-2004 01:29 AM
scripting help garretwp Linux - Newbie 10 03-01-2004 10:40 PM
Scripting Askari Programming 1 12-09-2003 09:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration