Re: Unexpected results when piping syslog to a fifo

2012-11-30 Thread Robert Bonomi

> Date: Thu, 29 Nov 2012 22:21:30 -0600
> From: Paul Schmehl 
> Subject: Re: Unexpected results when piping syslog to a fifo
>
> Now I'm even more confused.  According to man (5) syslog.conf, a pipe 
> should redirect its output to /dev/null.
>
>  " A vertical bar (``|''), followed by a command to pipe the selected
>  messages to.  The command is passed to sh(1) for evaluation, so usual
>  shell metacharacters or input/output redirection can occur.  (Note
>  however that redirecting stdio(3) buffered output from the invoked
>  command can cause additional delays, or even lost output data in case
>  a logging subprocess exited with a signal.)  The command itself runs
>  with stdout and stderr redirected to /dev/null."
>
> And yet this:
>
> *.* |cat > /var/run/program/program.fifo results in the log data going both 
> to the fifo and to /var/log/messages.  I really don't want to fill up the 
> messages log with this stuff.  Any suggestions?


To clear up the confusion:
 1) syslogd creates an environment where stdout/stderr are set to /dev/null,
invokes sh in that environment, passing it the command string for
evaluation/execution. If the command string does *not* redirect
stdout/stderr, they are /dev/null. *IF* redirected in the command string,
things go where redirected.
 2) syslogd writes messages to _every_ destination where the selection
criteria match.  To accomplish what you want you'll need something
like:
 +remotehost
 *.* |cat >fifo
 -remotehost
 {console criteria}  /dev/console
 {'messages' criteria}  /var/log/messages
 {{ etc., etc.}}
[ you may need "+*" on its own line just before "-remotehost" ]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
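
Added example (not part of any post in this thread): a small model of the syslog.conf(5) host blocks discussed in the reply above, showing why a rule that sits outside any host block also receives the remote host's messages, and how the +remotehost / -remotehost layout separates them. It assumes every selector matches and compares host names as exact strings; the `*.notice` selector and the host name `localbox` are constructed for the illustration.

```python
# Added example: simplified model of syslog.conf(5) host blocks.
# Assumptions: every selector is treated as matching the message, host names
# are compared as exact strings, and program specs ("!prog") are not modelled.

def parse(conf):
    """Return [(host_spec, action)]; host_spec is the most recent +/- line."""
    rules, spec = [], "+*"          # before any host spec, rules apply to all hosts
    for raw in conf.splitlines():
        line = raw.strip()
        if line[:2] in ("#+", "#-"):    # "#+host" is the compatibility spelling
            line = line[1:]
        if not line or line[0] in "#!":  # comments; program specs are skipped
            continue
        if line[0] in "+-":             # a host spec opens a new block
            spec = line[0] + line[1:].strip()
            continue
        _selector, action = line.split(None, 1)
        rules.append((spec, action.strip()))
    return rules

def host_matches(spec, host):
    sign, name = spec[0], spec[1:]
    if name == "*":                     # "+*" resets the block to all hosts
        return True
    return host == name if sign == "+" else host != name

def destinations(conf, host):
    """Every action whose block applies to host; syslogd writes to all of them."""
    return [action for spec, action in parse(conf) if host_matches(spec, host)]

FIFO_RULE = "*.* |cat > /var/run/program/program.fifo"

# Constructed sample: host block appended after an all-hosts rule.
BEFORE = "*.notice /var/log/messages\n+remotehost\n" + FIFO_RULE + "\n"
# Constructed sample: layout from the reply above, local rules under -remotehost.
AFTER = "+remotehost\n" + FIFO_RULE + "\n-remotehost\n*.notice /var/log/messages\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for host in ("remotehost", "localbox"):
            print(label, host, destinations(conf, host))
```
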


Re: Unexpected results when piping syslog to a fifo

2012-11-29 Thread Paul Schmehl
--On November 29, 2012 1:30:25 PM -0600 Paul Schmehl wrote:

> I'm working on a project which requires that I pipe a remote syslog to a
> fifo so a daemon can parse the results.  After some googling I *thought*
> that I had figured out how to configure syslog to do this.  Here's the
> syslog.conf entry:
>
> + hostname.utdallas.edu
> *.* | cat > /var/run/program/program.fifo
>
> This seems to work for one syslog message.  The rest go to
> /var/log/messages.
>
> So I tried this:
> + hostname.utdallas.edu
> *.* | tail -f > /var/run/program/program.fifo
>
> But that seems to do the same thing.
>
> I want these messages to be piped to the fifo *only* and not show up in
> local logs.  What's the secret sauce for this?



Now I'm even more confused.  According to man (5) syslog.conf, a pipe 
should redirect its output to /dev/null.


" A vertical bar (``|''), followed by a command to pipe the selected
messages to.  The command is passed to sh(1) for evaluation, so usual
shell metacharacters or input/output redirection can occur.  (Note
however that redirecting stdio(3) buffered output from the invoked
command can cause additional delays, or even lost output data in case
a logging subprocess exited with a signal.)  The command itself runs
with stdout and stderr redirected to /dev/null."

And yet this:

*.* |cat > /var/run/program/program.fifo results in the log data going both 
to the fifo and to /var/log/messages.  I really don't want to fill up the 
messages log with this stuff.  Any suggestions?


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell



Re: Unexpected results when piping syslog to a fifo

2012-11-29 Thread Noel
On 11/29/2012 1:30 PM, Paul Schmehl wrote:
> I'm working on a project which requires that I pipe a remote
> syslog to a fifo so a daemon can parse the results.  After some
> googling I *thought* that I had figured out how to configure
> syslog to do this.  Here's the syslog.conf entry:
>
> + hostname.utdallas.edu
> *.* | cat > /var/run/program/program.fifo
>
> This seems to work for one syslog message.  The rest go to
> /var/log/messages.
>
> So I tried this:
> + hostname.utdallas.edu
> *.* | tail -f > /var/run/program/program.fifo
>
> But that seems to do the same thing.
>
> I want these messages to be piped to the fifo *only* and not show
> up in local logs.  What's the secret sauce for this?
>


I've used this in the past

...

!*
+host.example.com
*.* | /path/to/fifo



Unexpected results when piping syslog to a fifo

2012-11-29 Thread Paul Schmehl
I'm working on a project which requires that I pipe a remote syslog to a 
fifo so a daemon can parse the results.  After some googling I *thought* 
that I had figured out how to configure syslog to do this.  Here's the 
syslog.conf entry:


+ hostname.utdallas.edu
*.* | cat > /var/run/program/program.fifo

This seems to work for one syslog message.  The rest go to 
/var/log/messages.


So I tried this:
+ hostname.utdallas.edu
*.* | tail -f > /var/run/program/program.fifo

But that seems to do the same thing.

I want these messages to be piped to the fifo *only* and not show up in 
local logs.  What's the secret sauce for this?


--
Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/infosecurity/
