On 02/01/05, Balazs Scheidler wrote:
On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg read/write.
Here's my source entry in syslog-ng.conf:
source local { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); udp(); internal(); };
And lsof says:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME syslog-ng 11320 root 3u REG 0,2 0 4112 /proc/kmsg
The 'u' in the FD field means the file is open read/write.
use file() instead of pipe() that will open /proc/kmsg in readonly mode. Pipes have to be opened in read-write mode.
I figured that out by checking the source code (RTFS?). The real confusion comes from a mismatch between the syslog-ng reference manual and the example syslog-ng.conf.Redhat in the contrib directory. The reference manual indicates that /proc/kmsg should be opened with file(). syslog-ng.conf.Redhat, however, opens /proc/kmsg with pipe(). I believe that the reference manual is correct and that syslog-ng.conf.Redhat is incorrect and should be change to use file instead of pipe. Thanks, P. -- Philip J. Hollenback Telemetry Investments phollenback@telemetry-investments.com