[syslog-ng] messed up permissions on /dev/null destination
on solaris
Balazs Scheidler
bazsi at balabit.hu
Tue Oct 18 17:14:05 CEST 2005
On Mon, 2005-10-17 at 09:18 -0700, Nate Campi wrote:
> On Mon, Oct 17, 2005 at 11:57:37AM -0400, Ed Ravin wrote:
> > But let's go one level deeper - why are the "operators" configuring
> > syslog-ng.conf to write to /dev/null in the first place and thus
> > making this error? It's because the sysadmins want to discard
> > certain log entries. Why not facilitate that by making a special
> > "discard" destination? Surely that has to more efficient than
> > opening up /dev/null, possibly changing its permissions, and then writing
> > data to it on a regular basis just to get thrown away.
>
> When I permanently plan to ignore certain messages, I just don't log
> them:
>
> filter f_not_pix {
> not match("%PIX");
> };
>
> log {
> source(local);
> filter(f_not_pix);
> destination(d_loghost_tcp);
> };
>
> My "f_not_pix" just internally discards it. Your idea of using a special
> "discard" destination would help make syslog-ng config files more
> self-explanatory though, which IMO is a fantastic thing. Reading my
> configs I would have to use a final flag to show that the message isn't
> logged again, and missing that the reader would have to inspect the rest
> of the file to understand if anything else would be done with a
> particular event.
you can create a destination which has no drivers, e.g. this is valid
and works as expected:
destination d_null {};
log { source(s_local); destination(d_null); };
>
> I normally only use /dev/null temporarily, when a firewall blocks a
> destination and I don't just want to leave syslog-ng trying to connect
> and overflowing the destination buffer for no reason. I modify the
> destination clause to use /dev/null for a bit.
you can comment out the tcp() destination driver in this case.
--
Bazsi
More information about the syslog-ng
mailing list