[syslog-ng]why does syslog-ng open /proc/kmsg read/write?
Philip J. Hollenback
syslog-ng@lists.balabit.hu
Tue, 1 Feb 2005 08:58:10 -0500
While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a
discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg
read/write.
Here's my source entry in syslog-ng.conf:
source local {
pipe ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
udp();
internal();
};
And lsof says:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
syslog-ng 11320 root 3u REG 0,2 0 4112 /proc/kmsg
The 'u' in the FD field means the file is open read/write.
Regular syslog opens /proc/kmsg read-only. This seems to be the
correct behavior, as you only ever read from that file.
I notice syslog-ng also opens /dev/log read/write, so I suspect it
opens all input files with that mode.
Does someone have an explanation for this, or is it a bug in
syslog-ng?
Thanks,
P.
--
Philip J. Hollenback
Telemetry Investments
phollenback@telemetry-investments.com