Using a MySQL db efficiently from SEC
SEC (Simple Event Correlator) is a great tool developed by Risto Vaarandi that you’ll find here: http://kodu.neti.ee/~risto/sec/
It is a tool that allows you to scan one or multiple log files and act upon events. See the aforementioned link for more info.
I wanted to insert records into a MySQL database when Postfix refuses an email. I used to do this by calling a PHP script from SEC with the shellcmd action, but that has two main drawbacks:
I found out that this can be done a lot more efficiently with the following method:
This can be done by creating two rules. One that uses the internal startup event to create the database connection and one for detecting and acting upon the event.
Here are the rules:
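# Rule 1: load DBI and open the connection. The eval returns 0 if the
# connection failed, so the second eval stops SEC in that case as well.
type=Single
desc=Load DBI and connect to DB at SEC startup or HUP
ptype=RegExp
pattern=(SEC_STARTUP|SEC_RESTART)
context=[SEC_INTERNAL_EVENT]
action=assign %a 0; \
eval %a (use DBI; \
$dbconn = DBI->connect("dbi:mysql:[database name]:localhost", "[db_user]", "[db_pwd]"); \
defined($dbconn) ? 1 : 0;); \
eval %a (exit(1) unless %a);

# Rule 2: reuse the connection opened by rule 1 for each matching event.
type=Single
ptype=RegExp
desc=$0
pattern=[your pattern here]
action=eval %a (my $query = "[your MySQL query here]";\
$dbconn->do($query);)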
Of course, these are examples. You’ll have to fill in your own specific data, especially replacing the “[descriptions]”.
Important note: you’ll have to start SEC with the “-intevents” switch for these rules to work!
The first rule is triggered at SEC startup and connects to the database. The database connection is stored in $dbconn. In the second rule, the connection is reused.
In both rules, SEC’s eval action is used to execute a bit of Perl code.
I hope the examples are clear enough to reuse for your own purposes.
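An added example, not part of the original post: if the query in the second rule is assembled from text matched in the log line (sender and recipient addresses are chosen by the remote party), hand those values to DBI as placeholders instead of splicing them into the SQL string. It assumes DBD::SQLite as an offline stand-in for MySQL; the table `rejects`, the helper `log_reject`, the regular expression and the log lines are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for MySQL so this runs offline.
# With MySQL, use the DSN from the startup rule; the do() call is the same.
my $dbconn = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                          { RaiseError => 1, PrintError => 0 });

# Hypothetical table; adapt the columns to your own schema.
$dbconn->do("CREATE TABLE rejects (client_ip TEXT, code TEXT, sender TEXT, rcpt TEXT)");

# Hypothetical helper: the SQL text is a constant and the values travel
# separately as bind parameters, so they are never parsed as SQL.
sub log_reject {
    my ($dbh, @fields) = @_;
    return $dbh->do(
        "INSERT INTO rejects (client_ip, code, sender, rcpt) VALUES (?, ?, ?, ?)",
        undef, @fields);
}

# Constructed Postfix reject lines (not real traffic). The second sender
# contains an apostrophe, which would end a quoted string in spliced SQL.
my @lines = (
    q{Jan 12 10:01:22 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.org>: Relay access denied; from=<alice@example.net> to=<user@example.org> proto=ESMTP},
    q{Jan 12 10:02:05 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 <user@example.org>: Relay access denied; from=<o'brien@example.net> to=<user@example.org> proto=ESMTP},
);

# Capture client IP, SMTP reply code, envelope sender and recipient.
my $re = qr/reject: RCPT from \S+\[([0-9a-fA-F.:]+)\]: (\d{3}) .*? from=<([^>]*)> to=<([^>]*)>/;
for my $line (@lines) {
    my @m = $line =~ $re or next;   # skip lines that are not rejects
    log_reject($dbconn, @m);
}

# Read the rows back to confirm that both senders were stored verbatim.
for my $row (@{ $dbconn->selectall_arrayref("SELECT sender, code FROM rejects") }) {
    print join(" | ", @$row), "\n";
}
```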