[syslog-ng]logging to a named pipe?
Michael Rash
syslog-ng@lists.balabit.hu
Thu, 2 Sep 2004 23:25:44 -0400
On Sep 02, 2004, Loic Minier wrote:
> Michael Rash <mbr@cipherdyne.org> - Wed, Sep 01, 2004:
>
> > I would like to use syslog-ng to log priority info kernel messages
> > to a named pipe, and I seem to have an issue with defining a correct
> > filter.
> > But, the addition of the kern facility in the filter seems to cause
> > syslog-ng to not open the named pipe (lsof returns nothing).
>
> Where are your kernel messages coming from? Do they really have the "kern"
> facility?
Well, I think that kernel message do come from the kern facility (is
this configurable?).
The strange thing is that using either of the following two filters
works perfectly:
filter f_kerninfo { facility(kern); };
or
filter f_kerninfo { level(info); };
But, when I combine the filters with an "and" like:
filter f_kerninfo { facility(kern) and level(info); };
syslog-ng seems to not be able to open the named pipe. Why does the
"and" condition matter? The syslog-ng reference manual seems to
indicate that it should support this.
--Mike
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F