[syslog-ng] "Illegal seek" with file("/proc/net/xt_recent/violators")
Evan Rempel
erempel at uvic.ca
Sat Sep 7 16:12:16 CEST 2013
Couldn't you just use flush_lines(1) for that destination?
Evan Rempel 250.271.7691
University Systems, University of Victoria
Balazs Scheidler <bazsi77 at gmail.com> wrote:
I think we could accomodate this use case with a separate driver/scl snippet.
Smtg like
Destination { procfile(...) };
What options eould you think are needed in this usecase)
On Sep 6, 2013 5:43 PM, "Valentijn Sessink" <valentyn at blub.net<mailto:valentyn at blub.net>> wrote:
On 04-09-13 14:40, Gergely Nagy wrote:
> This has been fixed in 3.4's git tree, and will be part of 3.4.4
> release.
I tried it, but it doesn't seem to help. There's something weird about
the xt_recent.c file handling. I tried to understand it's source, but I
couldn't find out. It seems that *loff is different from file->f_pos,
and can't be simply changed with lseek().
Bottom line is, that although *loff should be 0, an lseek() will not help.
So I kindly suggest: please revert any changes that you made to
accomodate to this /proc thing - they are of no use, at this moment.
For now, xt_recent should be written with single lines only,
open()-write()-close() and repeat. Even using program("cat > ....")
doesn't work correctly; it will write the first IP address, then fail
with the second, bail out, and syslog_ng will start another cat to write
the next IP-address.
"most proc files support only one-shot writes" is what I learned from
someone at #kernelnewbies, so that's probably the final word on this.
I think the best thing is using some sort of piping program in between;
I'm not sure what I'm going to use - should any of you readers have a
good idea, please say so.
After a couple of days of trying to grasp xt_recent.c in combination
with syslog-ng file() - without avail :-( - I'm going to have a beer.
That won't help my logging, but it will help my mood! Happy friday
afternoon, dear fellow Europeans ;-) and have a nice weekend for all of you.
Best regards,
Valentijn
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130907/4c98a3f8/attachment.htm
More information about the syslog-ng
mailing list