Executing scripts using filters

EELS can be configured to filter incoming messages and to execute a script or command whenever a match is made.

Using this feature, you could configure EELS to email you whenever a failed attempt to telnet into your system is made. First, you would add new execute-script and filter parameter blocks to /etc/default/eels, as follows:

1. Log in as root.

2. Add the following lines to the bottom of /etc/default/eels:

   execute-script example_mailer {
      script  /etc/eels/scripts/ex_mailer.sh;
      user    root;
      filter  ex_mailer_filter;
   }
   
   filter ex_mailer_filter {
      include  " OriginatorServiceName == 'telnetd' &&
   EventSpecificInformation == 'Unable to invoke login '";
   }
   

   ---

   NOTE: The execute-script block specifies that the /etc/eels/scripts/ex_mailer.sh must be executed whenever the conditions in the filter block ``ex_mailer_filter'' are satisfied. The filter block specifies that for the script to be executed, the field ``OriginatorServiceName'' must be equal to ``telnetd'' and ``EventSpecificInformation'' must contain the sub string ``Unable to invoke login''.

   ---

3. Save /etc/default/eels.

1. Log in as root.

2. Create /etc/eels/scripts/ex_mailer.sh and add the following lines to the new file:

   #!/bin/sh
   echo "A telnet session was aborted on: `date`"|mailx \
          -s "A possible telnet problem occurred on: `uanme -n`" \
          AnAdministrator@A_Node.com
   

3. Save /etc/eels/scripts/ex_mailer.sh.

4. Ensure the script has the correct permissions by entering the following command:

   chmod 755 /etc/eels/scripts/ex_mailer.sh

5. To activate your changes, stop and restart EELS by entering the following commands:

   /etc/init.d/eelsrc stop
   /etc/init.d/eelsrc start

1. Log in as root.

2. Use telnet to connect to the localhost:

   telnet localhost

3. Press <Ctrl>D to exit the telnet session. Doing this generates the message you need to trigger the script.