Using EELS

Executing scripts using filters

EELS can be configured to filter incoming messages and to execute a script or command whenever a match is made.

NOTE: Currently the script or command is executed as root. In future releases of EELS, the user parameter (described below) will be implemented and the UID that the script or command is run as will be selectable.

Using this feature, you could configure EELS to email you whenever a failed attempt to telnet into your system is made. First, you would add new execute-script and filter parameter blocks to /etc/default/eels, as follows:

  1. Log in as root.

  2. Add the following lines to the bottom of /etc/default/eels:
    execute-script example_mailer {
       script  /etc/eels/scripts/;
       user    root;
       filter  ex_mailer_filter;

    filter ex_mailer_filter { include " OriginatorServiceName == 'telnetd' && EventSpecificInformation == 'Unable to invoke login '"; }

    NOTE: The execute-script block specifies that the /etc/eels/scripts/ must be executed whenever the conditions in the filter block ``ex_mailer_filter'' are satisfied. The filter block specifies that for the script to be executed, the field ``OriginatorServiceName'' must be equal to ``telnetd'' and ``EventSpecificInformation'' must contain the sub string ``Unable to invoke login''.

  3. Save /etc/default/eels.
Next, you could create the script you referenced in the execute-script block.

  1. Log in as root.

  2. Create /etc/eels/scripts/ and add the following lines to the new file:
    echo "A telnet session was aborted on: `date`"|mailx \
           -s "A possible telnet problem occurred on: `uanme -n`" \

  3. Save /etc/eels/scripts/

  4. Ensure the script has the correct permissions by entering the following command:

    chmod 755 /etc/eels/scripts/

  5. To activate your changes, stop and restart EELS by entering the following commands:

    /etc/init.d/eelsrc stop
    /etc/init.d/eelsrc start

The changes are now active. If a telnet session is aborted before a successful login is made on your system, a warning message is emailed to To test that this works:

  1. Log in as root.

  2. Use telnet to connect to the localhost:

    telnet localhost

  3. Press <Ctrl>D to exit the telnet session. Doing this generates the message you need to trigger the script.
The warning email message will be sent immediately. Usually you should receive the message within a couple of minutes.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004