Question about syntax for source
In syslog-ng 2.x versions under OpenBSD I used to use the following line for a source. source local { internal(); pipe("/dev/klog" log_prefix("kernel: ")); unix-dgram("/dev/log"); }; When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error. # /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog' Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8. source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); }; Please advise. Phusion
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe. In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this: source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); }; And voila! -- |8]
Hello, On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes. Regards, Sandor
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right? -- Bazsi
Hello Bazsi, On Fri, Apr 8, 2011 at 12:36 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right?
In 3.0.8 using pipe() on a non-fifo source or using file() on a fifo source was a fatal error. In 3.1.3 the errors were downgraded to warnings, 3.2 behaves more or less the same. I haven't checked 3.3 yet. In 3.2 git there is an additional check so LW_ALWAYS_WRITABLE is set only for regular file destinations which fixes the blocking write problem reported on the list a while ago but there is still a warning which could get suppressed. I think pipe should be the preferred driver for anything else than regular files, an extra poll() won't hurt. What do you think about this patch? --- affile.c 2011-02-13 14:34:38.000000000 +0100 +++ affile.c-new 2011-04-08 11:13:52.000000000 +0200 @@ -46,6 +46,7 @@ { cap_t saved_caps; struct stat st; + gboolean is_regular; if (strstr(name, "../") || strstr(name, "/..")) { @@ -75,20 +76,21 @@ *fd = -1; if (stat(name, &st) >= 0) { - if (is_pipe && !S_ISFIFO(st.st_mode)) + is_regular = !!S_ISREG(st.st_mode); + if (!is_pipe && !is_regular) { - msg_warning("WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file()", + msg_warning("WARNING: you are using the file driver, underlying file is not a regular file, it should be used by pipe()", evt_tag_str("filename", name), NULL); } - else if (!is_pipe && S_ISFIFO(st.st_mode)) + else if (is_pipe && is_regular) { - msg_warning("WARNING: you are using the file driver, underlying file is a FIFO, it should be used by pipe()", + msg_warning("WARNING: you are using the pipe driver, underlying file is a regular file, it should be used by file()", evt_tag_str("filename", name), NULL); } if (regular) - *regular = !!S_ISREG(st.st_mode); + *regular = is_regular; } else if (regular) *regular = TRUE; Regards, Sandor
On Fri, Apr 8, 2011 at 4:14 AM, Sandor Geller <Sandor.Geller@morganstanley.com> wrote:
Hello Bazsi,
On Fri, Apr 8, 2011 at 12:36 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right?
In 3.0.8 using pipe() on a non-fifo source or using file() on a fifo source was a fatal error. In 3.1.3 the errors were downgraded to warnings, 3.2 behaves more or less the same. I haven't checked 3.3 yet.
In 3.2 git there is an additional check so LW_ALWAYS_WRITABLE is set only for regular file destinations which fixes the blocking write problem reported on the list a while ago but there is still a warning which could get suppressed. I think pipe should be the preferred driver for anything else than regular files, an extra poll() won't hurt. What do you think about this patch?
--- affile.c 2011-02-13 14:34:38.000000000 +0100 +++ affile.c-new 2011-04-08 11:13:52.000000000 +0200 @@ -46,6 +46,7 @@ { cap_t saved_caps; struct stat st; + gboolean is_regular;
if (strstr(name, "../") || strstr(name, "/..")) { @@ -75,20 +76,21 @@ *fd = -1; if (stat(name, &st) >= 0) { - if (is_pipe && !S_ISFIFO(st.st_mode)) + is_regular = !!S_ISREG(st.st_mode); + if (!is_pipe && !is_regular) { - msg_warning("WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file()", + msg_warning("WARNING: you are using the file driver, underlying file is not a regular file, it should be used by pipe()", evt_tag_str("filename", name), NULL); } - else if (!is_pipe && S_ISFIFO(st.st_mode)) + else if (is_pipe && is_regular) { - msg_warning("WARNING: you are using the file driver, underlying file is a FIFO, it should be used by pipe()", + msg_warning("WARNING: you are using the pipe driver, underlying file is a regular file, it should be used by file()", evt_tag_str("filename", name), NULL); } if (regular) - *regular = !!S_ISREG(st.st_mode); + *regular = is_regular; } else if (regular) *regular = TRUE;
Regards,
Sandor ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
I'm still having problems getting the kernel messages. I currently have the following. This is 3.1.1 in OpenBSD 4.8. @version: 3.0 options { keep_hostname(yes); long_hostnames(off); flush_lines(0); }; source local { internal(); pipe("/dev/klog" program_override("kernel")); unix-dgram("/dev/log"); }; destination ls_kernel { file("/var/log/kernel.log"); }; filter f_kernel { match("kernel" value("MESSAGE")); }; filter f_server { host("server"); }; log { source(local); filter(f_server); filter(f_kernel); destination(ls_kernel); }; Please advise. Phusion
On Fri, Apr 08, 2011 at 11:52:19AM -0500, Phusion wrote:
I'm still having problems getting the kernel messages. I currently have the following. This is 3.1.1 in OpenBSD 4.8.
@version: 3.0 options { keep_hostname(yes); long_hostnames(off); flush_lines(0); }; source local { internal(); pipe("/dev/klog" program_override("kernel")); unix-dgram("/dev/log"); }; destination ls_kernel { file("/var/log/kernel.log"); }; filter f_kernel { match("kernel" value("MESSAGE")); }; filter f_server { host("server"); }; log { source(local); filter(f_server); filter(f_kernel); destination(ls_kernel); };
Please advise. Phusion
My advice: take a default config file from $BSD. Then back up yours and replace it. See if you can get it to work with the default file before proceeding with a custom file. Enable foreground operation and some verbose stderr logging to watch what it does when it works: -F, --foreground Do not go into the background after initialization Log options -v, --verbose Be a bit more verbose -d, --debug Enable debug messages -t, --trace Enable trace messages -e, --stderr Log messages to stderr Basically, start from the absolute basics and work your way up from there to your custom setup. I think that your filters could be backwards from what you want because matching against a filter means it gets filtered out. The debug logs will help you verify these things. You also want to read the manual to verify the meaning of every config option you are using in case they have unexpected side effects. Matthew.
On a second thought this patch doesn't make too much sense now, so just ignore it. Sorry for the noise... On Fri, Apr 8, 2011 at 11:14 AM, Sandor Geller <sandorg@morganstanley.com> wrote:
Hello Bazsi,
On Fri, Apr 8, 2011 at 12:36 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right?
In 3.0.8 using pipe() on a non-fifo source or using file() on a fifo source was a fatal error. In 3.1.3 the errors were downgraded to warnings, 3.2 behaves more or less the same. I haven't checked 3.3 yet.
In 3.2 git there is an additional check so LW_ALWAYS_WRITABLE is set only for regular file destinations which fixes the blocking write problem reported on the list a while ago but there is still a warning which could get suppressed. I think pipe should be the preferred driver for anything else than regular files, an extra poll() won't hurt. What do you think about this patch?
--- affile.c 2011-02-13 14:34:38.000000000 +0100 +++ affile.c-new 2011-04-08 11:13:52.000000000 +0200 @@ -46,6 +46,7 @@ { cap_t saved_caps; struct stat st; + gboolean is_regular;
if (strstr(name, "../") || strstr(name, "/..")) { @@ -75,20 +76,21 @@ *fd = -1; if (stat(name, &st) >= 0) { - if (is_pipe && !S_ISFIFO(st.st_mode)) + is_regular = !!S_ISREG(st.st_mode); + if (!is_pipe && !is_regular) { - msg_warning("WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file()", + msg_warning("WARNING: you are using the file driver, underlying file is not a regular file, it should be used by pipe()", evt_tag_str("filename", name), NULL); } - else if (!is_pipe && S_ISFIFO(st.st_mode)) + else if (is_pipe && is_regular) { - msg_warning("WARNING: you are using the file driver, underlying file is a FIFO, it should be used by pipe()", + msg_warning("WARNING: you are using the pipe driver, underlying file is a regular file, it should be used by file()", evt_tag_str("filename", name), NULL); } if (regular) - *regular = !!S_ISREG(st.st_mode); + *regular = is_regular; } else if (regular) *regular = TRUE;
Regards,
Sandor
On Fri, 2011-04-08 at 11:14 +0200, Sandor Geller wrote:
Hello Bazsi,
On Fri, Apr 8, 2011 at 12:36 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right?
In 3.0.8 using pipe() on a non-fifo source or using file() on a fifo source was a fatal error. In 3.1.3 the errors were downgraded to warnings, 3.2 behaves more or less the same. I haven't checked 3.3 yet.
In 3.2 git there is an additional check so LW_ALWAYS_WRITABLE is set only for regular file destinations which fixes the blocking write problem reported on the list a while ago but there is still a warning which could get suppressed. I think pipe should be the preferred driver for anything else than regular files, an extra poll() won't hurt. What do you think about this patch?
--- affile.c 2011-02-13 14:34:38.000000000 +0100 +++ affile.c-new 2011-04-08 11:13:52.000000000 +0200 @@ -46,6 +46,7 @@ { cap_t saved_caps; struct stat st; + gboolean is_regular;
if (strstr(name, "../") || strstr(name, "/..")) { @@ -75,20 +76,21 @@ *fd = -1; if (stat(name, &st) >= 0) { - if (is_pipe && !S_ISFIFO(st.st_mode)) + is_regular = !!S_ISREG(st.st_mode); + if (!is_pipe && !is_regular) { - msg_warning("WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file()", + msg_warning("WARNING: you are using the file driver, underlying file is not a regular file, it should be used by pipe()", evt_tag_str("filename", name), NULL); } - else if (!is_pipe && S_ISFIFO(st.st_mode)) + else if (is_pipe && is_regular) { - msg_warning("WARNING: you are using the file driver, underlying file is a FIFO, it should be used by pipe()", + msg_warning("WARNING: you are using the pipe driver, underlying file is a regular file, it should be used by file()", evt_tag_str("filename", name), NULL); } if (regular) - *regular = !!S_ISREG(st.st_mode); + *regular = is_regular; } else if (regular) *regular = TRUE;
Regards,
Sandor
The intent has always been to use pipe() for named pipes, and file() for everything else. I'm now thinking about introducing a device() destination/source which would be equivalent to file(), but follow_freq() would not be allowed. What do you think? -- Bazsi
Balazs Scheidler <bazsi@balabit.hu> writes:
The intent has always been to use pipe() for named pipes, and file() for everything else.
I'm now thinking about introducing a device() destination/source which would be equivalent to file(), but follow_freq() would not be allowed.
What do you think?
I like the idea. It can also give hints to syslog-ng so that it won't try to use readiness notification systems that don't support devices (yes, I know 3.3 does some auto-detection, but I don't always trust the OS to be reasonable :P). -- |8]
On 04/15/2011 04:25:31 PM, Balazs Scheidler wrote:
On Fri, 2011-04-08 at 11:14 +0200, Sandor Geller wrote:
Hello Bazsi,
On Fri, Apr 8, 2011 at 12:36 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2011-04-04 at 12:18 +0200, Sandor Geller wrote:
Hello,
On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Phusion <phusion2k@gmail.com> writes:
When trying to convert this for syslog-ng 3.x under OpenBSD. I have an error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
# /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file(); filename='/dev/klog'
The warning pretty much tells you what to do, and why: change pipe() to file(), because /dev/klog appears to be something else than your common pipe.
This warning is misleading. As reported a while ago using file() for anything else than non-regular files could lead to severe problems.
In syslog-ng 2.x, things worked a bit differently (the details escape me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
source local { internal(); pipe("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Change it to something like this:
source local { internal(); file("/dev/klog" program_override("kernel: ")); unix-dgram("/dev/log"); };
Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed the underlying problem in the 3.2 branch. When a new version will get released then the warning would remain but at least syslog-ng would actually check that the source is a regular file and assume readability only in this case, otherwise it will poll() the source which is the wanted behaviour for character devices and pipes.
But If I remember correctly, that only affected 3.2, right?
In 3.0.8 using pipe() on a non-fifo source or using file() on a fifo source was a fatal error. In 3.1.3 the errors were downgraded to warnings, 3.2 behaves more or less the same. I haven't checked 3.3 yet.
In 3.2 git there is an additional check so LW_ALWAYS_WRITABLE is set only for regular file destinations which fixes the blocking write problem reported on the list a while ago but there is still a warning which could get suppressed. I think pipe should be the preferred driver for anything else than regular files, an extra poll() won't hurt. What do you think about this patch?
--- affile.c 2011-02-13 14:34:38.000000000 +0100 +++ affile.c-new 2011-04-08 11:13:52.000000000 +0200 @@ -46,6 +46,7 @@ { cap_t saved_caps; struct stat st; + gboolean is_regular;
if (strstr(name, "../") || strstr(name, "/..")) { @@ -75,20 +76,21 @@ *fd = -1; if (stat(name, &st) >= 0) { - if (is_pipe && !S_ISFIFO(st.st_mode)) + is_regular = !!S_ISREG(st.st_mode); + if (!is_pipe && !is_regular) { - msg_warning("WARNING: you are using the pipe driver, underlying file is not a FIFO, it should be used by file()", + msg_warning("WARNING: you are using the file driver, underlying file is not a regular file, it should be used by pipe ()", evt_tag_str("filename", name), NULL); } - else if (!is_pipe && S_ISFIFO(st.st_mode)) + else if (is_pipe && is_regular) { - msg_warning("WARNING: you are using the file driver, underlying file is a FIFO, it should be used by pipe()", + msg_warning("WARNING: you are using the pipe driver, underlying file is a regular file, it should be used by file()", evt_tag_str("filename", name), NULL); } if (regular) - *regular = !!S_ISREG(st.st_mode); + *regular = is_regular; } else if (regular) *regular = TRUE;
Regards,
Sandor
The intent has always been to use pipe() for named pipes, and file() for everything else.
I'm now thinking about introducing a device() destination/source which would be equivalent to file(), but follow_freq() would not be allowed.
What do you think?
Sorry if I'm missing something, but do we really need a separate driver that is almost entirely the same as another one? Robi
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Robert Fekete <frobert@balabit.com> writes:
The intent has always been to use pipe() for named pipes, and file() for everything else.
I'm now thinking about introducing a device() destination/source which would be equivalent to file(), but follow_freq() would not be allowed.
What do you think?
Sorry if I'm missing something, but do we really need a separate driver that is almost entirely the same as another one?
It's not a separate driver, it'd be syntactic sugar only. Meaning, that device("/dev/klog") would be exactly the same as file("/dev/klog" follow_freq(0)), just easier to write, and device() can have additional restrictions like not allowing follow_freq(). (At least, that's how I understood it - a completely separate thing wouldn't make much sense, indeed) -- |8]
On Fri, 2011-04-15 at 20:40 +0200, Gergely Nagy wrote:
Robert Fekete <frobert@balabit.com> writes:
The intent has always been to use pipe() for named pipes, and file() for everything else.
I'm now thinking about introducing a device() destination/source which would be equivalent to file(), but follow_freq() would not be allowed.
What do you think?
Sorry if I'm missing something, but do we really need a separate driver that is almost entirely the same as another one?
It's not a separate driver, it'd be syntactic sugar only. Meaning, that device("/dev/klog") would be exactly the same as file("/dev/klog" follow_freq(0)), just easier to write, and device() can have additional restrictions like not allowing follow_freq().
(At least, that's how I understood it - a completely separate thing wouldn't make much sense, indeed)
Yes, that's what I've meant. -- Bazsi
participants (6)
-
Balazs Scheidler
-
Gergely Nagy
-
Matthew Hall
-
Phusion
-
Robert Fekete
-
Sandor Geller