[syslog-ng] messed up permissions on /dev/null destination on solaris

Nate Campi nate at campin.net
Mon Oct 17 18:18:21 CEST 2005


On Mon, Oct 17, 2005 at 11:57:37AM -0400, Ed Ravin wrote:
> But let's go one level deeper - why are the "operators" configuring
> syslog-ng.conf to write to /dev/null in the first place and thus
> making this error?  It's because the sysadmins want to discard
> certain log entries.  Why not facilitate that by making a special
> "discard" destination?  Surely that has to more efficient than
> opening up /dev/null, possibly changing its permissions, and then writing
> data to it on a regular basis just to get thrown away.

When I permanently plan to ignore certain messages, I just don't log
them:

 filter f_not_pix {
                 not match("%PIX");
 };
 
 log {
         source(local);
         filter(f_not_pix);
         destination(d_loghost_tcp);
 };

My "f_not_pix" just internally discards it. Your idea of using a special
"discard" destination would help make syslog-ng config files more
self-explanatory though, which IMO is a fantastic thing. Reading my
configs I would have to use a final flag to show that the message isn't
logged again, and missing that the reader would have to inspect the rest
of the file to understand if anything else would be done with a
particular event.

I normally only use /dev/null temporarily, when a firewall blocks a
destination and I don't just want to leave syslog-ng trying to connect
and overflowing the destination buffer for no reason. I modify the
destination clause to use /dev/null for a bit.
-- 
Nate

"A distributed system is one in which the failure of a computer you
didn't even know existed can render your own computer unusable." -
Lamport, Leslie as quoted in CACM, June 1992



More information about the syslog-ng mailing list