[syslog-ng] patterndb and intrusion prevention
Valentijn Sessink
valentyn at blub.net
Tue Aug 27 15:37:17 CEST 2013
Hi Matti,
I'm having problems as well with my own setup, since migrating to
syslog-ng 3.3.4. I only just found out (see my other message from
today). I'm getting "I/O error occurred while writing; fd='24',
error='Illegal seek (29)'" all over the place. I am guessing (from
reading the source, but still, guessing, as I did not really trace
calls), that somewhere, an open(O_APPEND) changed to the current lseek()
behaviour.
And, from what I tried, using lseek() on a /proc file does not seem to work.
So there: my own setup doesn't work.
I worked around it by using
destination d_syslogblock { program("/bin/cat > /proc/net/xt_recent/syslogblock" template("+${usracct.device}\n")); };
which somewhat works. It seems to do some buffering so it is not quite fast.
I'm hoping to get this resolved in a better way though, because calling
external programs (even if they're "cat") is what I was trying to avoid...
I hope this helps you. Did you find a way out?
Best regards,
Valentijn
On 31-07-13 00:00, Matt Zagrabelny wrote:
> but am having issues. Specifically, it does not seem that syslog-ng is
> writing the IPs to the xt_recent proc "file". Syslog-ng is writing
> them to a regular log file, though:
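
An added example, not part of the original message and not syslog-ng's code: the "Illegal seek" (ESPIPE, errno 29 on Linux) failure reported above, reproduced in C next to a writer that tolerates it. A pipe stands in for a non-seekable destination; the function names and the sample entry are constructed for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Seek-then-write, the pattern the message suspects. Fails on any fd that
 * cannot seek. Returns 0 on success, otherwise the errno value. */
static int write_with_seek(int fd, const char *line)
{
    if (lseek(fd, 0, SEEK_END) == (off_t)-1)
        return errno;               /* ESPIPE for pipes, FIFOs, sockets */
    return write(fd, line, strlen(line)) < 0 ? errno : 0;
}

/* Tolerant variant: ESPIPE only means the destination has no file offset,
 * so write anyway. Any other lseek() failure is still reported. */
static int write_tolerant(int fd, const char *line)
{
    if (lseek(fd, 0, SEEK_END) == (off_t)-1 && errno != ESPIPE)
        return errno;
    return write(fd, line, strlen(line)) < 0 ? errno : 0;
}

/* Constructed demo: returns 1 when the strict writer fails with ESPIPE and
 * the tolerant writer delivers the line intact through the pipe. */
static int demo_nonseekable(void)
{
    int p[2];
    char buf[64] = {0};
    const char *entry = "+192.0.2.10\n";  /* constructed "+<address>" entry */

    if (pipe(p) != 0)
        return 0;
    int strict = write_with_seek(p[1], entry);
    int tolerant = write_tolerant(p[1], entry);
    ssize_t n = read(p[0], buf, sizeof buf - 1);
    close(p[0]);
    close(p[1]);
    return strict == ESPIPE && tolerant == 0 &&
           n == (ssize_t)strlen(entry) && strcmp(buf, entry) == 0;
}

int main(void) { return demo_nonseekable() ? 0 : 1; }
```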