Gentoo Forums
syslog-ng /proc/kmsg
mimosinnet
Guru
Joined: 10 Aug 2006
Posts: 525
Location: Barcelona, Spain

Posted: Wed May 09, 2007 9:25 am    Post subject: syslog-ng /proc/kmsg

I have just installed syslog-ng and, to understand it, I am updating the syslog-ng howto in Gentoo Wiki. The question is the following:

When emerging syslog-ng, the default configuration file has this source:
Code:
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };


The syslog-ng admin guide says:
Quote:
7.1.6. pipe()
The pipe driver opens a named pipe with the specified name and listens for messages. It is used as the native message delivery protocol on HP-UX.
The pipe driver has a single required parameter, specifying the filename of the pipe to open. [...] Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg.


I am just curious about the contradiction between the guide and the default configuration file (but not in the suggested Gentoo configuration). Can anyone shed some light on this? Also, if anyone sees any conceptual or linguistic error in the syslog-ng howto, I would appreciate corrections.
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1566
Location: U.S.A.

Posted: Sat May 12, 2007 3:45 am

It's a classic performance vs. security trade-off.

I'm glad you're fixing that howto. I had to go through the same thing you are (figuring it out for myself).

Suggestion: explore proper use of flags_final as a way to eliminate redundant processing. For example:

Code:
# Statements are evaluated in order; a message that matches a statement
# carrying flags(final) is not passed on to the statements after it.
log { source(s_main); filter(f_alerts); destination(d_alerts); };
log { source(s_main); filter(f_authpriv); destination(d_authpriv); };
log { source(s_main); filter(f_kern); destination(d_kern); };
log { source(s_main); filter(f_mail); destination(d_mail); };
log { source(s_main); filter(f_ntp); destination(d_ntp); };
log { source(s_main); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_main); filter(f_debug); destination(d_debug); flags(final); };
log { source(s_main); filter(f_messages); destination(d_console); destination(d_messages); };
mimosinnet
Guru
Joined: 10 Aug 2006
Posts: 525
Location: Barcelona, Spain

Posted: Sat May 12, 2007 8:18 pm

BoneKracker wrote:
Suggestion: explore proper use of flags_final as a way to eliminate redundant processing.


Awesome! :D I have added your answer and suggestion to the syslog-ng howto and I have played with the flag(final) in my own /etc/syslog-ng/syslog-ng.conf. It's great! Many thanks!
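Added example, not part of the thread and not Gentoo's shipped configuration: a minimal syslog-ng.conf that reads /proc/kmsg through file() rather than pipe(), following the admin guide passage quoted in the first post, and shows how statement order interacts with flags(final). The names s_main, f_* and d_* follow the second post; the filter expressions and log file paths are assumptions.

```conf
# Added example. Filter expressions and file paths are assumptions.

source s_main {
    unix-stream("/dev/log");
    internal();
    # The quoted guide says pipe() opens its argument read-write and is
    # therefore not recommended for special files such as /proc/kmsg.
    # file() is the driver the guide contrasts it with.
    file("/proc/kmsg");
};

filter f_alerts   { level(alert..emerg); };
filter f_kern     { facility(kern); };
filter f_cron     { facility(cron); };
filter f_messages { level(info..warn); };

destination d_alerts   { file("/var/log/alerts.log"); };
destination d_kern     { file("/var/log/kern.log"); };
destination d_cron     { file("/var/log/cron.log"); };
destination d_messages { file("/var/log/messages"); };

# Statements are evaluated top to bottom.

# 1. Catch-all security statements go first and carry no final flag, so
#    every alert is recorded here whatever happens further down.
log { source(s_main); filter(f_alerts); destination(d_alerts); };

# 2. Kernel messages are stored in their own file and still continue on
#    to the statements below.
log { source(s_main); filter(f_kern); destination(d_kern); };

# 3. Cron messages stop here: flags(final) keeps them out of
#    /var/log/messages and saves evaluating the remaining filters.
log { source(s_main); filter(f_cron); destination(d_cron); flags(final); };

# 4. Reached only by messages that no earlier final statement matched.
#    Moving statement 1 below statement 3 would hide cron alerts from
#    d_alerts, so keep audit-relevant statements above any final one.
log { source(s_main); filter(f_messages); destination(d_messages); };
```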