[syslog-ng] destination X { program(); }; and security

John I syslog-ng@moe.co.uk
Wed, 06 Jun 2001 18:04:17 +0100


How about not even using program(), instead sending it to a destination
that is a fifo (named pipe) and a program that listens to your fifo.

This would at least save the overhead of loading the program called by 
program() every time a log is sent that way.

Security-wise, I guess you could make your program/script run as a 
different user.

I'm pretty sure this would work, correct me otherwise.

Cheers,
John

 
> > > Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog"
> > > an option?
> >
> > You can do that?  I see that the program() destination is an execl()
> > call - I didn't think a pipe would work there.
> 
> hmm .. I guess you're right .. so you'd have to use a wrapper script to
> do that for you.
> 
> > Also, I noticed that items run via program() run as root - at least
> > when syslog-ng is run as root.  Is it possible to have syslog-ng drop
> > privileges?  In fact, is it possible to have syslog-ng drop its own
> > privileges as soon as possible and run as a normal user?  Perhaps as
> > nobody?
> 
> For program destinations, you could use "su -c your_program".
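
The FIFO approach from the message above, as an added example that is not part of the original post or of syslog-ng: a reader that accepts only a tightly-permissioned FIFO, drops root if it was started with it, and waits again when the writer closes the pipe. The FIFO path, its 0644 mode, the `nobody` account and all function names are assumptions.

```python
import os
import stat

MAX_LINE = 8192  # log text is untrusted input: bound memory per message

def check_stat(st, owner_uid):
    """Accept only a FIFO owned by owner_uid that group/others cannot write."""
    if not stat.S_ISFIFO(st.st_mode):
        raise ValueError("not a FIFO")
    if st.st_uid != owner_uid:
        raise ValueError(f"unexpected owner uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise ValueError("writable by group or others")

def drop_privileges(uid, gid):
    """If started as root, switch permanently to uid/gid. True if dropped."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])  # shed root's supplementary groups
    os.setgid(gid)    # group first: setgid is refused once the uid is non-root
    os.setuid(uid)
    if os.geteuid() == 0:
        raise RuntimeError("still root after setuid")
    return True

def read_session(path, handle, owner_uid=0):
    """Read until the writer closes the FIFO; return the number of lines."""
    check_stat(os.lstat(path), owner_uid)  # lstat: reject a planted symlink
    count = 0
    with open(path, "rb") as fifo:  # blocks until a writer opens the FIFO
        check_stat(os.fstat(fifo.fileno()), owner_uid)  # path not swapped
        while line := fifo.readline(MAX_LINE):
            handle(line.rstrip(b"\n").decode("utf-8", "replace"))
            count += 1
    return count

def serve(path, handle, uid, gid):
    drop_privileges(uid, gid)
    while True:  # EOF means the writer went away (restart): wait for it again
        read_session(path, handle)

if __name__ == "__main__":
    import pwd
    # Assumed setup: syslog-ng (root) writes via
    #   destination d_fifo { pipe("/var/run/syslog-ng.fifo"); };
    # to a FIFO created as root with mode 0644; path and account are examples.
    user = pwd.getpwnam("nobody")
    serve("/var/run/syslog-ng.fifo", print, user.pw_uid, user.pw_gid)
```

The handler receives each message as a plain string; keeping it out of any shell command line is what preserves the benefit of running the reader unprivileged.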