Hi, Sean,

On Fri, Jul 30, 2010 at 19:05, Sean Conner <[email protected]> wrote:
> It was thus said that the Great Ryan Lynch once stated:
>> Maybe everybody just uses UDP for local intra-daemon message routing?
>
> The default syslog() call uses a local UDP socket (usually '/dev/log') and
> there's no overhead a programmer has to do in order to call syslog() (I
> mean, a program can call openlog(), but it's not mandatory). So programs
> (other than syslogd) use local Unix UDP socket.

When I wrote "UDP", I could have been clearer--I meant "UDP over a loopback IP connection", not over a local socket. That's the distinction: Are you calling sendto() to a listener on 127.0.0.1, or to a listener on /dev/log?

The point here is that RSyslog cannot natively send its output to /dev/log (as far as I can tell). RSyslog can do IPC via a '*.* @127.0.0.1' action, but there's no corresponding '*.* @/dev/log' action, at least as far as I know. So if you want to forward messages between daemons, you HAVE to listen on the loopback IP, unless you're willing to use something like 'omprog' or pipe output, both of which require invoking an external program like 'socat' or creating a named pipe. (It works, but it's messier and more complicated--performance might be worse, too.)

For Ales's KVM application, there may be a worse problem: His virtual machines might not have working network interfaces at all times, such as during provisioning/build.

That's why the distinction of network socket vs. local socket matters--if you don't have any networking interfaces up, or you have security concerns about rogue local processes sending malicious traffic to the 127.0.0.1 listener, then the lack of a "send to local socket" capability makes life a little more difficult.

-Ryan

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
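
The loopback-IP versus local-socket distinction drawn in the message above, as an added example that is not part of the original message or of rsyslog: the same syslog datagram is received once on a 127.0.0.1 UDP listener and once on a Unix datagram socket, showing what each receiver can learn about the sender. It assumes Linux (SO_PASSCRED); the function names and the temporary socket path standing in for /dev/log are hypothetical.

```python
import os
import socket
import struct
import tempfile

def frame(facility, severity, tag, text):
    """Classic syslog datagram: <PRI>tag: text, with PRI = facility*8 + severity."""
    return f"<{facility * 8 + severity}>{tag}: {text}".encode()

def via_loopback_udp(msg):
    """Receiver learns only a source IP and port; any local process can send here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))          # constructed listener, ephemeral port
        rx.settimeout(2)
        tx.sendto(msg, rx.getsockname())
        data, (src_ip, _port) = rx.recvfrom(2048)
        return data, src_ip

def via_unix_dgram(msg):
    """Receiver is gated by file mode and gets kernel-supplied sender credentials."""
    with tempfile.TemporaryDirectory() as d, \
         socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as tx:
        path = os.path.join(d, "log")      # constructed stand-in for /dev/log
        rx.bind(path)
        os.chmod(path, 0o600)              # only the owning user may send
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        rx.settimeout(2)
        tx.sendto(msg, path)
        data, anc, _flags, _addr = rx.recvmsg(2048, socket.CMSG_SPACE(12))
        # struct ucred is (pid_t pid, uid_t uid, gid_t gid), filled in by the kernel
        pid, uid, gid = next(
            struct.unpack("iII", c[:12]) for lvl, typ, c in anc
            if lvl == socket.SOL_SOCKET and typ == socket.SCM_CREDENTIALS)
        return data, {"pid": pid, "uid": uid, "gid": gid}

if __name__ == "__main__":
    m = frame(1, 6, "demo", "constructed test message")   # user.info -> <14>
    print(via_loopback_udp(m))
    print(via_unix_dgram(m))
```

The UDP receiver sees nothing beyond "127.0.0.1", while the Unix socket receiver can restrict senders with file permissions and log or filter on the reported pid and uid.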

