[syslog-ng] logging to a named pipe?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Fri, 03 Sep 2004 12:10:59 +0200
On Thu, 2004-09-02 at 04:49, Michael Rash wrote:
> Hi -
>
> I would like to use syslog-ng to log priority info kernel messages
> to a named pipe, and I seem to have an issue with defining a correct
> filter.
>
> This config works:
>
> destination psadpipe { pipe("/var/lib/psad/psadfifo"); };
> filter f_kerninfo { level(info); };
> log { source(src); filter(f_kerninfo); destination(psadpipe); };
>
> We can see that it works because syslog-ng has opened the named
> pipe under the output of lsof:
>
> # lsof |grep psadfifo
> syslog-ng 22675 root 8u FIFO 3,3 699187 /var/lib/psad/psadfifo
>
> However, the above config should really use the filter:
>
> filter f_kerninfo { facility(kern) and level(info); };
>
> But, the addition of the kern facility in the filter seems to cause
> syslog-ng to not open the named pipe (lsof returns nothing).
The file is opened only when the first message hits the destination. So
you'll need to generate a real kernel message, and then syslog-ng will
open its destination.
>
> Not being intimately familiar with syslog-ng, can anyone give me
> any pointers? I'm running syslog-ng 1.6.4 on Gentoo Linux.
>
> Thanks,
>
> --Mike
>
> Michael Rash
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
--
Bazsi
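
The behaviour described in the reply, as an added example that is not part of the original thread and is not syslog-ng's own code: a small Python model of the two filters and of a destination that is opened only on first delivery. The names `LazyPipe`, `first_open_index` and the sample messages are constructed for illustration; the facility and level codes are the standard syslog ones.

```python
import re

# Standard syslog facility/severity codes; PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_code, severity_code) from a leading <PRI>, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def f_level_info(line):
    """Model of: filter { level(info); }"""
    pri = decode_pri(line)
    return pri is not None and pri[1] == LEVELS["info"]

def f_kerninfo(line):
    """Model of: filter { facility(kern) and level(info); }"""
    return decode_pri(line) == (FACILITIES["kern"], LEVELS["info"])

class LazyPipe:
    """Hypothetical destination that is opened only when a message reaches it."""
    def __init__(self, path):
        self.path, self.opened, self.written = path, False, []
    def deliver(self, line):
        self.opened = True  # the point at which lsof would first list the FIFO
        self.written.append(line)

def first_open_index(lines, flt):
    """Index of the message that causes the destination to be opened, or None."""
    dest = LazyPipe("/var/lib/psad/psadfifo")
    for i, line in enumerate(lines):
        if flt(line):
            dest.deliver(line)
        if dest.opened:
            return i
    return None

# Constructed sample traffic: daemon.info, kern.warning, user.info, kern.info
SAMPLE = ["<30>cron[411]: job started", "<4>kernel: disk warning",
          "<14>mike: test entry", "<6>kernel: IN=eth0 OUT= SRC=192.0.2.7"]

if __name__ == "__main__":
    print("level(info):", first_open_index(SAMPLE, f_level_info))
    print("facility(kern) and level(info):", first_open_index(SAMPLE, f_kerninfo))
```

With the level-only filter, any info message from any facility opens the pipe almost immediately; with the combined filter the pipe stays closed until a message with PRI `<6>` arrives, which is why `lsof` showed nothing.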