mimosinnet l33t
Joined: 10 Aug 2006 Posts: 713 Location: Barcelona, Spain
|
Posted: Wed May 09, 2007 9:25 am Post subject: syslog-ng /proc/kmsg |
|
|
I have just installed syslog-ng and, to understand it, I am updating the syslog-ng howto in Gentoo Wiki. The question is the following:
When emerging syslog-ng, the default configuration file has this source:
Code: | source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); }; |
The syslog-ng admin guide says:
Quote: | 7.1.6. pipe()
The pipe driver opens a named pipe with the specified name and listens for messages. It is used as the native
message delivery protocol on HP-UX.
The pipe driver has a single required parameter, specifying the filename of the pipe to open. [...] Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg. |
I am just curious about the contradiction between the guide and the default configuration file (but not in the suggested Gentoo configuration). Can anyone shed some light on this? Also, if anyone sees any conceptual or linguistic error in the syslog-ng howto, I would appreciate corrections. |
|
Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.
|
Posted: Sat May 12, 2007 3:45 am Post subject: |
|
|
It's a classic performance vs. security trade-off.
I'm glad you're fixing that howto. I had to go through the same thing you are (figuring it out for myself).
Suggestion: explore proper use of flags_final as a way to eliminate redundant processing. For example:
Code: |
log { source(s_main); filter(f_alerts); destination(d_alerts); };
log { source(s_main); filter(f_authpriv); destination(d_authpriv); };
log { source(s_main); filter(f_kern); destination(d_kern); };
log { source(s_main); filter(f_mail); destination(d_mail); };
log { source(s_main); filter(f_ntp); destination(d_ntp); };
log { source(s_main); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_main); filter(f_debug); destination(d_debug); flags(final); };
log { source(s_main); filter(f_messages); destination(d_console); destination(d_messages); }; |
|
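The effect of flags(final) on the log statements in the post above, as an added Python model that is not part of the thread and not syslog-ng code. The filter definitions are assumptions, since the thread does not show them: f_alerts matches crit and above, f_ntp matches program ntpd, f_messages is a catch-all. It also shows the ordering caveat: a final statement placed ahead of f_alerts keeps a critical cron message out of d_alerts.

```python
# Added example: models syslog-ng log statements evaluated in config order.
# Filter bodies are assumptions; the thread only shows the log statements.
from dataclasses import dataclass
from typing import Callable, Dict, List

Msg = Dict[str, str]  # constructed message: facility, level, program

@dataclass
class LogPath:
    match: Callable[[Msg], bool]
    destinations: List[str]
    final: bool = False

def route(paths: List[LogPath], msg: Msg) -> List[str]:
    """Return destinations hit, stopping after a matching final statement."""
    delivered: List[str] = []
    for p in paths:
        if p.match(msg):
            delivered.extend(p.destinations)
            if p.final:
                break  # later log statements never see this message
    return delivered

def fac(name: str) -> Callable[[Msg], bool]:
    return lambda m: m["facility"] == name

def build(cron_first: bool = False) -> List[LogPath]:
    """The eight statements from the post; cron_first moves f_cron to the top."""
    paths = [
        LogPath(lambda m: m["level"] in ("crit", "alert", "emerg"), ["d_alerts"]),
        LogPath(fac("authpriv"), ["d_authpriv"]),
        LogPath(fac("kern"), ["d_kern"]),
        LogPath(fac("mail"), ["d_mail"]),
        LogPath(lambda m: m["program"] == "ntpd", ["d_ntp"]),
        LogPath(fac("cron"), ["d_cron"], final=True),
        LogPath(lambda m: m["level"] == "debug", ["d_debug"], final=True),
        LogPath(lambda m: True, ["d_console", "d_messages"]),
    ]
    if cron_first:
        paths.insert(0, paths.pop(5))
    return paths

if __name__ == "__main__":
    crit_cron = {"facility": "cron", "level": "crit", "program": "cron"}
    print(route(build(), crit_cron))                 # order from the post
    print(route(build(cron_first=True), crit_cron))  # final statement first
```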
mimosinnet l33t
Joined: 10 Aug 2006 Posts: 713 Location: Barcelona, Spain
|
Posted: Sat May 12, 2007 8:18 pm Post subject: |
|
|
BoneKracker wrote: | Suggestion: explore proper use of flags_final as a way to eliminate redundant processing. |
Awesome! I have added your answer and suggestion to the syslog-ng howto and I have played with the flag(final) in my own /etc/syslog-ng/syslog-ng.conf. It's great! Many thanks! |