RSYSLOG: Send email notifications

I want to monitor my log files for a specific line, and if found send an e-mail alert. Rsyslog has this built in, and it works great. I put the following config in /etc/rsyslog.d/dhcp-watch.conf and now I get an email if a specific DHCP subnet is used.

# If we give out DHCP for a specific network send an alert email
$ModLoad ommail

$ActionMailSMTPServer mail.domain.com
$ActionMailFrom       rsyslog@domain.com
$ActionMailTo         me@domain.com

$template mailSubject,"DHCP Poll activity on %hostname%"
$template    mailBody,"DHCP Activity on the VLAN 873 pool\r\n\r\n%msg%"

$ActionMailSubject mailSubject

# Only send an email every 15 minutes
$ActionExecOnlyOnceEveryInterval 900

# This if/then must all be on one line
if $msg contains 'DHCPOFFER on 10.1.9.' then :ommail:;mailBody
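
To see which log lines this rule would actually mail, here is an added example (not part of the original post, and not rsyslog code) that replays constructed dhcpd lines through the same substring test and 900-second interval. It assumes the timestamps shown are the times rsyslog processes each message; matches that arrive inside the interval are dropped for this action, not queued.

```python
from datetime import datetime

NEEDLE = "DHCPOFFER on 10.1.9."   # substring from the rule above (case-sensitive)
INTERVAL = 900                    # $ActionExecOnlyOnceEveryInterval, in seconds

# Constructed dhcpd messages for illustration (not real logs): (time, msg)
SAMPLE = [
    ("2020-01-23 06:00:00", "DHCPOFFER on 10.1.9.20 to 00:11:22:33:44:55 via eth0"),
    ("2020-01-23 06:05:00", "DHCPOFFER on 10.1.9.21 to 00:11:22:33:44:66 via eth0"),
    ("2020-01-23 06:10:00", "DHCPOFFER on 10.1.90.7 to 00:11:22:33:44:77 via eth0"),
    ("2020-01-23 06:14:59", "DHCPACK on 10.1.9.20 to 00:11:22:33:44:55 via eth0"),
    ("2020-01-23 06:15:00", "DHCPOFFER on 10.1.9.22 to 00:11:22:33:44:88 via eth0"),
]


def simulate(lines, needle=NEEDLE, interval=INTERVAL):
    """Return (mailed, suppressed, ignored) lists of messages.

    mailed     - filter matched and the action ran
    suppressed - filter matched, but the last mail was < interval seconds ago
    ignored    - filter did not match
    """
    mailed, suppressed, ignored = [], [], []
    last_exec = None
    for stamp, msg in lines:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if needle not in msg:
            ignored.append(msg)
        elif last_exec is not None and (now - last_exec).total_seconds() < interval:
            suppressed.append(msg)      # dropped for this action, never mailed later
        else:
            mailed.append(msg)
            last_exec = now
    return mailed, suppressed, ignored


if __name__ == "__main__":
    mailed, suppressed, ignored = simulate(SAMPLE)
    for label, group in (("MAIL", mailed), ("SUPPRESSED", suppressed), ("IGNORED", ignored)):
        for msg in group:
            print(f"{label:<10} {msg}")
```

The trailing dot in the match string keeps 10.1.90.x from matching, and the offer at 06:05 never reaches the mailbox, so the email is a prompt to go read the log rather than a complete record.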
Replies
Med 2020-01-23 06:33am - mehdi.alouache@hotmail.fr - Logged IP: 165.225.205.8

Hello,

With a configuration similar to yours, I am able to mail all the logs generated locally but can't get ommail triggered by logs coming from the network on rsyslog. Have you ever experienced a similar situation?

Thanks for your help

Regards

All content licensed under the Creative Commons License