[syslog-ng] "Illegal seek" with file("/proc/net/xt_recent/violators")

[Valentijn Sessink]

Hi Balazs,

On 07-09-13 07:22, Balazs Scheidler wrote:
> I think we could accomodate this use case with a separate driver/scl
> snippet.
>
> Smtg like
>
> Destination { procfile(...) };
>
> What options eould you think are needed in this usecase)

Well, the only somewhat important thing I can think of is what to do 
when errors occur:
- an option to keep messages until the /proc file comes into existence, 
or to throw them away. This means ignoring or reacting on errors during 
the open() phase of writing the message to /proc
- an option that tells syslog-ng to ignore write errors, i.e. during the 
write() phase. Normally, syslog-ng queues any writes that did not 
succeed, but in this case, you most likely want to ignore writing 
errors. You might even want to ignore them really, really thoroughly 
(i.e. without an internal error), or ignore them - but do log them 
internally.

Being able to ignore write errors is vital, IMHO, because otherwise a 
single write error will basically just stop the rest of the messages, 
i.e. kill the proc-writing.

Also, for /proc output to be useful, you're going to need template(). I 
think log_fifo_size() could come in handy, too. Maybe throttle() is of 
some use.

I don't think the other options in file() are necessary: things like 
flush_lines, fsync, various time-zone-options, uid, gid and permission 
stuff, mark_mode (should be "none"), various create_ and overwrite 
options are all unnecessary when writing to /proc, I think.

(As a side note: back in 2011 you had this "ignore-errors" flag, in 
commit bae327dc1754909bba62b09c7a5dda6dadf534eb, for the very same 
reason; I'm not sure if it's still there, but if it is: I don't think 
it's documented...)

I hope the above is of use. I'd be happy to try things out.

Best regards,

Valentijn