On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg read/write.
Here's my source entry in syslog-ng.conf:
source local { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); udp(); internal(); };
And lsof says:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME syslog-ng 11320 root 3u REG 0,2 0 4112 /proc/kmsg
The 'u' in the FD field means the file is open read/write.
use file() instead of pipe() that will open /proc/kmsg in readonly mode. Pipes have to be opened in read-write mode.
I notice syslog-ng also opens /dev/log read/write, so I suspect it opens all input files with that mode.
/dev/log is a socket not a file. -- Bazsi