why does syslog-ng open /proc/kmsg read/write?
While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg read/write.

Here's my source entry in syslog-ng.conf:

    source local {
        pipe ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        udp();
        internal();
    };

And lsof says:

    COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
    syslog-ng 11320 root    3u   REG    0,2    0 4112 /proc/kmsg

The 'u' in the FD field means the file is open read/write.

Regular syslog opens /proc/kmsg read-only. This seems to be the correct behavior, as you only ever read from that file.

I notice syslog-ng also opens /dev/log read/write, so I suspect it opens all input files with that mode.

Does someone have an explanation for this, or is it a bug in syslog-ng?

Thanks,
P.

--
Philip J. Hollenback
Telemetry Investments
phollenback@telemetry-investments.com

On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
> While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg read/write.
>
> Here's my source entry in syslog-ng.conf:
>
>     source local {
>         pipe ("/proc/kmsg" log_prefix("kernel: "));
>         unix-stream ("/dev/log");
>         udp();
>         internal();
>     };
>
> And lsof says:
>
>     COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
>     syslog-ng 11320 root    3u   REG    0,2    0 4112 /proc/kmsg
>
> The 'u' in the FD field means the file is open read/write.

Use file() instead of pipe(); that will open /proc/kmsg in read-only mode. Pipes have to be opened in read-write mode.

> I notice syslog-ng also opens /dev/log read/write, so I suspect it opens all input files with that mode.

/dev/log is a socket, not a file.

--
Bazsi

On 02/01/05, Balazs Scheidler wrote:
> On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
> > While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg read/write.
> >
> > Here's my source entry in syslog-ng.conf:
> >
> >     source local {
> >         pipe ("/proc/kmsg" log_prefix("kernel: "));
> >         unix-stream ("/dev/log");
> >         udp();
> >         internal();
> >     };
> >
> > And lsof says:
> >
> >     COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
> >     syslog-ng 11320 root    3u   REG    0,2    0 4112 /proc/kmsg
> >
> > The 'u' in the FD field means the file is open read/write.
>
> Use file() instead of pipe(); that will open /proc/kmsg in read-only mode. Pipes have to be opened in read-write mode.

I figured that out by checking the source code (RTFS?). The real confusion comes from a mismatch between the syslog-ng reference manual and the example syslog-ng.conf.Redhat in the contrib directory.

The reference manual indicates that /proc/kmsg should be opened with file(). syslog-ng.conf.Redhat, however, opens /proc/kmsg with pipe().

I believe that the reference manual is correct and that syslog-ng.conf.Redhat is incorrect and should be changed to use file instead of pipe.

Thanks,
P.

--
Philip J. Hollenback
Telemetry Investments
phollenback@telemetry-investments.com
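
The lsof check used in this thread can be scripted on Linux by reading the `flags:` line of /proc/<pid>/fdinfo/<fd> and mapping its access-mode bits to lsof's r/w/u letters. This is an added example, not code from the thread's participants or from syslog-ng; the function names and the sample fdinfo text are constructed for illustration.

```python
import os
import re

ACCMODE = 0o3  # low two bits of the open(2) flags hold the access mode
# Access mode -> the letter lsof appends to the FD column.
LSOF_MODE = {os.O_RDONLY: "r", os.O_WRONLY: "w", os.O_RDWR: "u"}

def lsof_mode(fdinfo_text):
    """Return 'r', 'w' or 'u' from the text of /proc/<pid>/fdinfo/<fd>."""
    m = re.search(r"^flags:\s*([0-7]+)$", fdinfo_text, re.MULTILINE)
    if m is None:
        raise ValueError("no flags line in fdinfo text")
    # The kernel prints the flags in octal.
    return LSOF_MODE.get(int(m.group(1), 8) & ACCMODE, "?")

def writable_opens(target, proc="/proc"):
    """List (pid, fd, mode) for each descriptor on `target` not opened read-only."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we may not inspect it
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) != target:
                    continue
                with open(os.path.join(proc, pid, "fdinfo", fd)) as f:
                    mode = lsof_mode(f.read())
            except OSError:
                continue
            if mode != "r":
                hits.append((int(pid), int(fd), mode))
    return hits

# Constructed fdinfo samples (not captured from a real system).
SAMPLE_RW = "pos:\t0\nflags:\t0100002\nmnt_id:\t21\n"  # access mode O_RDWR
SAMPLE_RO = "pos:\t0\nflags:\t0100000\nmnt_id:\t21\n"  # access mode O_RDONLY

if __name__ == "__main__":
    print(lsof_mode(SAMPLE_RW), lsof_mode(SAMPLE_RO))
    for pid, fd, mode in writable_opens("/proc/kmsg"):
        print(f"pid {pid} fd {fd}: /proc/kmsg open with mode {mode}")
```

Run it as root to see descriptors owned by other users; after switching the source from pipe() to file(), the /proc/kmsg descriptor should no longer be listed.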