rsyslog Email Notification

If you are using rsyslog, here’s how to get an email notification when a certain keyword is found in the logs.

1. Edit rsyslog.conf. We are using Red Hat.

> vi /etc/rsyslog.conf

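2. Add the following lines at the end of the file. An email is sent when a message contains the keyword ERROR (the match is case-sensitive). $ActionExecOnlyOnceEveryInterval 300 limits the action to at most one email every 5 minutes (300 seconds); matching messages that arrive inside that window do not produce mail.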

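# Load the mail output module
$ModLoad ommail
# SMTP relay and envelope addresses
$ActionMailSMTPServer localhost
$ActionMailFrom rsyslog@domain.com
$ActionMailTo admin@domain.com
# Templates for the mail subject and body
$template mailSubject,"[rsyslog] %hostname%"
$template mailBody,"%msg%"
$ActionMailSubject mailSubject
# Run the mail action at most once every 300 seconds
$ActionExecOnlyOnceEveryInterval 300
# The filter and the action must be on one line
if $msg contains 'ERROR' then :ommail:;mailBody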

3. Restart rsyslog.

> service rsyslog restart
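
Before relying on this rule for alerting, it helps to see which log lines would actually produce mail. The script below is an added example, not part of the original post and not rsyslog code: it is a simplified offline model of the filter and interval from step 2. The input format ("epoch-seconds message"), the function names and the sample lines are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Simplified offline model of the rule in step 2 (added example, not rsyslog code).
# Input lines: "<epoch-seconds> <message>" (constructed format for this demo).
INTERVAL=300      # value of $ActionExecOnlyOnceEveryInterval
KEYWORD=ERROR     # 'contains' is a case-sensitive substring match

# Prints one line per matching message, prefixed with MAIL or SUPPRESSED.
replay_rule() {
    awk -v interval="$INTERVAL" -v kw="$KEYWORD" '
    {
        ts = $1
        msg = substr($0, length($1) + 2)
        if (index(msg, kw) == 0) next            # filter did not match
        if (!sent || ts - last >= interval) {    # action is allowed to run
            print "MAIL " $0; last = ts; sent = 1
        } else {
            print "SUPPRESSED " $0               # match dropped for this action
        }
    }'
}

# Constructed sample input.
sample_log() {
    cat <<'EOF'
1000 app: ERROR database connection lost
1010 app: error in lowercase is not matched
1120 app: ERROR disk quota exceeded
1299 app: TERROR_LEVEL=3 unrelated substring
1300 app: ERROR database connection lost
1400 app: all good
EOF
}

count_mail() { sample_log | replay_rule | grep -c '^MAIL '; }
count_suppressed() { sample_log | replay_rule | grep -c '^SUPPRESSED '; }

sample_log | replay_rule
```

In the sample, the "disk quota" ERROR at 1120 never reaches the mailbox because it falls inside the 300-second window, and the substring match also fires on TERROR_LEVEL. If either matters, tighten the filter or keep the full log under separate review.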