[syslog-ng] Question about syntax for source

Sandor Geller Sandor.Geller at morganstanley.com
Mon Apr 4 12:18:03 CEST 2011


Hello,

On Sun, Apr 3, 2011 at 9:02 PM, Gergely Nagy <algernon at balabit.hu> wrote:
> Phusion <phusion2k at gmail.com> writes:
>
>> When trying to convert this for syslog-ng 3.x under OpenBSD. I have an
>> error. When I use syslog-ng -s -f ../syslog-ng.conf it works, but when
>> I run syslog-ng -p /var/run/syslog-ng.pid, I get the following error.
>>
>> # /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid
>> WARNING: you are using the pipe driver, underlying file is not a FIFO,
>> it should be used by file(); filename='/dev/klog'
>
> The warning pretty much tells you what to do, and why: change pipe() to
> file(), because /dev/klog appears to be something else than your common
> pipe.

This warning is misleading. As reported a while ago using file() for
anything else than non-regular files could lead to severe problems.

> In syslog-ng 2.x, things worked a bit differently (the details escape
> me, I'm afraid), which changed in 3.x, and thus, the warning is printed.
>
>> Here is the current source line using syslog-ng 3.0 under OpenBSD 4.8.
>>
>> source local { internal(); pipe("/dev/klog" program_override("kernel:
>> ")); unix-dgram("/dev/log"); };
>
> Change it to something like this:
>
> source local {
>       internal();
>       file("/dev/klog" program_override("kernel: "));
>       unix-dgram("/dev/log");
> };

Don't do this. Commit 61940d18c205d36cb7dd0b30dba741cc8459e2ac fixed
the underlying problem in the 3.2 branch. When a new version will get
released then the warning would remain but at least syslog-ng would
actually check that the source is a regular file and assume
readability only in this case, otherwise it will poll() the source
which is the wanted behaviour for character devices and pipes.

Regards,

Sandor


More information about the syslog-ng mailing list