RE: [syslog-ng]cannot get sec.pl to exit after syslog-ng does
Nate, I don't think it's perl, but syslog-ng. What version of syslog-ng are you running? I looked at the source for 'afprogram.c' in both 1.6.2 and the 1.7.0+20040428 where it forks the child to run the program. Using the code as follows, how could you do anything _but_ run /bin/sh -c ... if (pid == 0) { int fd = open("/dev/null", O_WRONLY); dup2(msgpipe[0], 0); dup2(fd, 1); dup2(fd, 2); close(fd); close(msgpipe[1]); execl("/bin/sh", "/bin/sh", "-c", self->progname->data, NULL); _exit(127); } I'm still reading through the code, but I don't think that syslog-ng passes along the necessary signals to it's children. When I HUP syslog-ng, it spawns another sec.pl as well, not SIGTERM'ing the first one. Am I not understanding the behavior of syslog-ng, doing something wrong, or is this some sort of bug in syslog-ng? FYI, sec.pl's behavior is documented as follows in the SEC man page: SIGTERM SEC will terminate gracefully (all SEC child processes will receive SIGTERM). Shouldn't syslog-ng do the same? Thanks, Tony -- "Computer science is as much about computers as astronomy is about telescopes" -- Edsger Dijkstra --------------------------------------------------------- Anthony Tonns, UNIX Administrator - atonns@mail.ivillage.com
-----Original Message----- From: Nate Campi [mailto:nate@campin.net] Sent: Wednesday, April 28, 2004 5:06 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]cannot get sec.pl to exit after syslog-ng does
I read your message too fast the first time, it appears that you still have it spawned by a shell with no shell redirection characters.
23330 ? S 2:11 /sbin/syslog-ng 23331 ? S 0:00 \_ /usr/bin/perl /usr/bin/swatch --script-dir=/root --read-pipe=cat /dev 23346 ? S 0:31 | \_ perl /root/.swatch_script.23331 23370 ? S 0:02 | \_ cat /dev/fd/0 23334 ? S 3:24 \_ /usr/bin/perl -w /usr/local/sbin/sec.pl -input=- -conf=/usr/local/etc
I don't have a shell starting sec on linux. Maybe it's perl on solaris doing this. I can't say. -- Nate
"Guide to understanding a net.addict's day: Slow day: didn't have much to do, so spent three hours on usenet. Busy day: managed to work in three hours of usenet. Bad day: barely squeezed in three hours of usenet." - Unknown
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
iVillage Inc., 500 Seventh Avenue, New York, NY 10018 - iVillage Inc. is a leading women's media company that includes iVillage.com, Women.com, gURL.com, Astrology.com, Promotions.com, iVillage Parenting Network, The Newborn Channel, Lamaze Publishing, Business Women's Network, Diversity Best Practices, Best Practices in Corporate Communications, and iVillage Consulting. The information contained in this communication may be confidential, is intended only for the use of the recipient named above, and may be construed under applicable law to be a commercial email. If you have received this communication in error, please delete this message from your computer system. If you are the recipient named above and do not wish to receive any future commercial emails, please reply to the sender with a message stating such preference.
On Wed, Apr 28, 2004 at 05:49:30PM -0400, atonns@mail.ivillage.com wrote:
I don't think it's perl, but syslog-ng. What version of syslog-ng are you running? I looked at the source for 'afprogram.c' in both 1.6.2 and the 1.7.0+20040428 where it forks the child to run the program. Using the code as follows, how could you do anything _but_ run /bin/sh -c ...
if (pid == 0) { int fd = open("/dev/null", O_WRONLY);
dup2(msgpipe[0], 0); dup2(fd, 1); dup2(fd, 2); close(fd); close(msgpipe[1]); execl("/bin/sh", "/bin/sh", "-c", self->progname->data, NULL); _exit(127); }
Ok. I don't know why mine is a child of syslog-ng, and it properly terminates when syslog-ng does. We must not be on the same version or something. 1.5.26 here. -- Nate "One only needs two tools in life: WD-40 to make things go, and duck tape to make them stop." - Weilacher, G. M.
On Wed, Apr 28, 2004 at 02:58:47PM -0700, Nate Campi wrote:
Ok. I don't know why mine is a child of syslog-ng, and it properly terminates when syslog-ng does. We must not be on the same version or something. 1.5.26 here.
I just fired up sec on a solaris 9 box: 9130 /usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf 16508 /bin/sh -c /usr/local/sbin/sec.pl -input="-" -conf=/usr/local/etc/sec.conf 16509 /usr/bin/perl -w /usr/local/sbin/sec.pl -input=- -conf=/usr/local/etc/sec.conf It isn't perl either, since starting a program with no arguments or redirection also gets started by a shell on solaris: 9130 /usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf 16508 /bin/sh -c /usr/local/sbin/sec.pl -input="-" -conf=/usr/local/etc/sec.conf 16509 /usr/bin/perl -w /usr/local/sbin/sec.pl -input=- -conf=/usr/local/etc/sec.conf 16616 /bin/sh -c /usr/local/bin/splogger 16617 /usr/local/bin/splogger 16618 /bin/sh -c /usr/local/sbin/sec.pl -input="-" -conf=/usr/local/etc/sec.conf 16619 /usr/bin/perl -w /usr/local/sbin/sec.pl -input=- -conf=/usr/local/etc/sec.conf Notice the two SEC's, I hupped syslog-ng when adding this: #--------------------------- destination d_splogger { program("/usr/local/bin/splogger"); }; # send all logs to splogger log { source(src); filter(f_not_brightmail); destination(d_splogger); }; #--------------------------- So it's certainly different behavior on Linux and Solaris in respect to starting child processes (syslog-ng 1.5.24 on Solaris). Bazsi can you explain what's going on here? -- Nate Program /n./ 1. A magic spell cast over a computer allowing it to turn one's input into error messages. 2. An exercise in experimental epistemology. 3. A form of art, ostensibly intended for the instruction of computers, which is nevertheless almost inevitably a failure if other programmers can't understand it. - From the Jargon File.
participants (2)
-
atonns@mail.ivillage.com
-
Nate Campi