[syslog-ng]why does syslog-ng open /proc/kmsg read/write?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Tue, 01 Feb 2005 18:44:07 +0100
On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
> While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a
> discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg
> read/write.
>
> Here's my source entry in syslog-ng.conf:
>
> source local {
> pipe ("/proc/kmsg" log_prefix("kernel: "));
> unix-stream ("/dev/log");
> udp();
> internal();
> };
>
> And lsof says:
>
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> syslog-ng 11320 root 3u REG 0,2 0 4112 /proc/kmsg
>
> The 'u' in the FD field means the file is open read/write.
use file() instead of pipe() that will open /proc/kmsg in readonly mode.
Pipes have to be opened in read-write mode.
> I notice syslog-ng also opens /dev/log read/write, so I suspect it
> opens all input files with that mode.
/dev/log is a socket not a file.
--
Bazsi