I finished implementing exec and filters:

    exec "tail -1 /var/log/auth.log" {
      type "syslog" {
        match = ".*";
        reaction = "echo %=MATCH|shellescape%";
      };
    };

I've made a point of having perl-grok's config format work, because I think it
was a reasonable format (you're free to disagree!). At any rate, filters are
now working, and the result of the above code is:

    Reaction: echo Feb 8 23:25:01 snack CRON\[21596\]: pam_unix\(cron:session\): session closed for user root
    Checking for input: tail -1 /var/log/auth.log(0x74b100)
    Reading from: tail -1 /var/log/auth.log
    Feb 8 23:25:01 snack CRON[21596]: pam_unix(cron:session): session closed for user root
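
What the `shellescape` filter buys in the reaction above, as an added Python example that is not grok's own code: matched log text is attacker-influenced, so it must be escaped before it is interpolated into a shell command. The escaped character set, the function names, the use of `sh -c` and the second log line are assumptions made for illustration; only the first log line and the macro syntax come from the post.

```python
import re
import subprocess

# ASSUMPTION: the real filter's character set is not shown on the page. The
# page's output only proves that [ ] ( ) are escaped and that spaces and
# colons are not, so this set is an illustrative superset.
SHELL_META = set("`^()[]{}$*?!|&;'\"\\<>~#")

def shellescape(text):
    """Backslash-escape each assumed shell metacharacter (single-line input)."""
    return "".join("\\" + ch if ch in SHELL_META else ch for ch in text)

FILTERS = {"shellescape": shellescape}          # hypothetical filter registry
MACRO = re.compile(r"%=(\w+)((?:\|\w+)*)%")     # %=NAME|filter1|filter2%

def expand(reaction, values):
    """Substitute %=NAME|filter% macros, applying filters left to right."""
    def substitute(m):
        out = values[m.group(1)]
        for name in filter(None, m.group(2).split("|")):
            out = FILTERS[name](out)
        return out
    return MACRO.sub(substitute, reaction)

def run_reaction(command):
    """Run a command string through sh -c (assumed reaction execution model)."""
    done = subprocess.run(["sh", "-c", command], capture_output=True, text=True)
    return done.stdout.rstrip("\n")

# The log line from the page, and a constructed line whose user name field
# carries a command substitution.
PAGE_LINE = ("Feb 8 23:25:01 snack CRON[21596]: pam_unix(cron:session): "
             "session closed for user root")
HOSTILE_LINE = "sshd[21600]: Invalid user $(echo INJECTED) from 192.0.2.7"

if __name__ == "__main__":
    for line in (PAGE_LINE, HOSTILE_LINE):
        for reaction in ("echo %=MATCH%", "echo %=MATCH|shellescape%"):
            command = expand(reaction, {"MATCH": line})
            print(f"{reaction!r}\n  command: {command}\n  output:  {run_reaction(command)}")
```

Without the filter, the constructed line's `$(...)` is evaluated by the shell and the page's own line fails to parse because of its bare parentheses; with the filter, both lines are echoed back unchanged.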