[syslog-ng] why does syslog-ng open /proc/kmsg read/write?

Philip J. Hollenback syslog-ng@lists.balabit.hu
Wed, 2 Feb 2005 08:23:41 -0500


On 02/01/05, Balazs Scheidler wrote:
> On Tue, 2005-02-01 at 08:58 -0500, Philip J. Hollenback wrote:
> > While setting up syslog-ng 1.6.5 on Fedora Core 1 linux, I noticed a
> > discrepancy between it and regular syslog: syslog-ng opens /proc/kmsg
> > read/write.
> > 
> > Here's my source entry in syslog-ng.conf:
> > 
> > source local {
> >   pipe ("/proc/kmsg" log_prefix("kernel: "));
> >   unix-stream ("/dev/log");
> >   udp();
> >   internal();
> > };
> > 
> > And lsof says:
> > 
> > COMMAND     PID USER   FD   TYPE     DEVICE    SIZE     NODE NAME
> > syslog-ng 11320 root    3u   REG        0,2       0     4112 /proc/kmsg
> > 
> > The 'u' in the FD field means the file is open read/write.
> 
> use file() instead of pipe(); that will open /proc/kmsg in read-only mode.
> Pipes have to be opened in read-write mode.

I figured that out by checking the source code (RTFS?).  The real
confusion comes from a mismatch between the syslog-ng reference manual
and the example syslog-ng.conf.Redhat in the contrib directory.  The
reference manual indicates that /proc/kmsg should be opened with file().
syslog-ng.conf.Redhat, however, opens /proc/kmsg with pipe().

I believe that the reference manual is correct and that
syslog-ng.conf.Redhat is incorrect and should be changed to use file
instead of pipe.

Thanks,
P.

-- 
Philip J. Hollenback
Telemetry Investments
phollenback@telemetry-investments.com
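
The lsof check described in the thread, as an added example that is not part of the original post or of syslog-ng: it parses the FD column of lsof output and reports which descriptors on a path allow writing. The sample text is constructed (only the first data row comes from the post), and the parser assumes file names without spaces.

```python
import re

# FD column of lsof: descriptor number, then access mode (r, w, u),
# then an optional lock character. Entries such as cwd/txt/mem have no number.
FD_RE = re.compile(r"^(\d+)([rwu])(.?)$")
MODES = {"r": "read-only", "w": "write-only", "u": "read/write"}

# Constructed sample: the first data row is the one quoted in the post;
# the cwd row and the read-only row (pid 22001) are made up for contrast.
SAMPLE = """\
COMMAND     PID USER   FD   TYPE     DEVICE    SIZE     NODE NAME
syslog-ng 11320 root    3u   REG        0,2       0     4112 /proc/kmsg
syslog-ng 11320 root  cwd    DIR        3,2    4096        2 /
syslog-ng 22001 root    3r   REG        0,2       0     4112 /proc/kmsg
"""


def open_modes(lsof_text, path):
    """Return (command, pid, fd, mode) for every numbered descriptor on path."""
    hits = []
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # Assumption: NAME is the last field and contains no spaces.
        if len(fields) < 5 or fields[-1] != path:
            continue
        m = FD_RE.match(fields[3])
        if not m:  # cwd, txt, mem and similar entries carry no access mode
            continue
        hits.append((fields[0], int(fields[1]), int(m.group(1)),
                     MODES[m.group(2)]))
    return hits


def writable(lsof_text, path):
    """Descriptors on path that allow writing (lsof mode w or u)."""
    return [h for h in open_modes(lsof_text, path) if h[3] != "read-only"]


if __name__ == "__main__":
    for cmd, pid, fd, mode in open_modes(SAMPLE, "/proc/kmsg"):
        print(f"{cmd} pid={pid} fd={fd} {mode}")
    for cmd, pid, fd, mode in writable(SAMPLE, "/proc/kmsg"):
        print(f"writable: {cmd} pid={pid} fd={fd}")
```

To run it against a live system, pass the text printed by `lsof /proc/kmsg` in place of SAMPLE.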