[syslog-ng] "Illegal seek" with file("/proc/net/xt_recent/violators")

Balazs Scheidler bazsi77 at gmail.com
Sat Sep 7 07:22:51 CEST 2013 

I think we could accomodate this use case with a separate driver/scl
snippet.

Smtg like

Destination { procfile(...) };

What options eould you think are needed in this usecase)
On Sep 6, 2013 5:43 PM, "Valentijn Sessink" <valentyn at blub.net> wrote:

> On 04-09-13 14:40, Gergely Nagy wrote:
> > This has been fixed in 3.4's git tree, and will be part of 3.4.4
> > release.
>
> I tried it, but it doesn't seem to help. There's something weird about
> the xt_recent.c file handling. I tried to understand it's source, but I
> couldn't find out. It seems that *loff is different from  file->f_pos,
> and can't be simply changed with lseek().
>
> Bottom line is, that although *loff should be 0, an lseek() will not help.
>
> So I kindly suggest: please revert any changes that you made to
> accomodate to this /proc thing - they are of no use, at this moment.
>
> For now, xt_recent should be written with single lines only,
> open()-write()-close() and repeat. Even using program("cat > ....")
> doesn't work correctly; it will write the first IP address, then fail
> with the second, bail out, and syslog_ng will start another cat to write
> the next IP-address.
>
> "most proc files support only one-shot writes" is what I learned from
> someone at #kernelnewbies, so that's probably the final word on this.
>
> I think the best thing is using some sort of piping program in between;
> I'm not sure what I'm going to use - should any of you readers have a
> good idea, please say so.
>
> After a couple of days of trying to grasp xt_recent.c in combination
> with syslog-ng file() - without avail :-( - I'm going to have a beer.
> That won't help my logging, but it will help my mood! Happy friday
> afternoon, dear fellow Europeans ;-) and have a nice weekend for all of
> you.
>
> Best regards,
>
> Valentijn
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130907/c64e88d8/attachment.htm

More information about the syslog-ng mailing list