[syslog-ng]logging to a named pipe?

Wed, 1 Sep 2004 22:49:47 -0400

Hi -

I would like to use syslog-ng to log priority info kernel messages
to a named pipe, and I seem to have an issue with defining a correct
filter.

This config works:

    destination psadpipe { pipe("/var/lib/psad/psadfifo"); };
    filter f_kerninfo { level(info); };
    log { source(src); filter(f_kerninfo); destination(psadpipe); };

We can see that it works because syslog-ng has opened the named
pipe under the output of lsof:

    # lsof |grep psadfifo
    syslog-ng 22675   root   8u  FIFO     3,3      699187 /var/lib/psad/psadfifo

However, the above config should really use the filter:

    filter f_kerninfo { facility(kern) and level(info); };

But, the addition of the kern facility in the filter seems to cause
syslog-ng to not open the named pipe (lsof returns nothing).

Not being intimately familiar with syslog-ng, can anyone give me
any pointers?  I'm running syslog-ng 1.6.4 on Gentoo Linux.

Thanks,

--Mike

Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F