RSYSLOG: Send email notifications

I want to monitor my log files for a specific line, and if found send an e-mail alert. Rsyslog has this built in, and it works great. I put the following config in /etc/rsyslog.g/dhcp-watch.conf and now I get an email if a specific DHCP subnet is used.

# If we give out DHCP for a specific network send an alert email
$ModLoad ommail

$ActionMailSMTPServer mail.domain.com
$ActionMailFrom       rsyslog@domain.com
$ActionMailTo         me@domain.com

$template mailSubject,"DHCP Poll activity on %hostname%"
$template    mailBody,"DHCP Activity on the VLAN 873 pool\r\n\r\n%msg%"

$ActionMailSubject mailSubject

# Only send an email every 15 minutes
$ActionExecOnlyOnceEveryInterval 900

# This if/then must all be on one line
if $msg contains 'DHCPOFFER on 10.1.9.' then :ommail:;mailBody
Leave A Reply
All content licensed under the Creative Commons License