First, a little bit of context:
I have a Linksys WRT54G running OpenWRT as my home gateway. Among other
things, my init scripts are launching syslogd, using the neat busybox
trick of logging to a circular buffer, giving you local logs without
writing to your flash all the time. There's a small utility called
logread to dump the contents of the buffer, or with the right option
tail the buffer, continuing to dump output as the log grows. (it's also
logging to another machine on my LAN, but that's not relevant)
Recently, while searching for something completely unrelated, I found an
article[1] describing a cute little hack for monitoring firewall logs.
The Linksys can't make any noise, but it does have a couple of
user-configurable LEDs on the front panel[2]. Who am I to resist the
lure of blinkenlights?
Modifying the linuxgazette script slightly for the nuances of the
Linksys and my firewall rules, I get the following:
-----
#!/bin/sh
logread -f | \
awk '$0 ~ /DROPPED/ {
system("echo 0x01 > /proc/sys/diag");
system("echo 0x00 > /proc/sys/diag");
}'
-----
First of all, there really needs to be a delay between turning the LED
on and off. Unfortunately OpenWRT doesn't build busybox with usleep,
although if I get around to upgrading the firmware I'll turn it (and a
couple of other options) on first. sleep isn't much of an option as it
doesn't go any faster than 1 second. The only other alternative I can
come up with is an evil busywait loop. Any other suggestions?
Second of all, well, it doesn't work at all (my test version replaces
the two echos with one echoing to stdout), and it took a fair bit of
headscratching to figure out why. Running logread -f at a shell prompt
shows log output being dumped to the console straight away. But when
piping the output of logread -f to another program, it buffers output
and sends a half dozen lines at a time. Letting the test script run for
a minute or two then hitting CTRL-C leads to a whole bunch of output; it
looks like logread is flushing it's buffers as it quits, and feeding a
whole bunch of stuff to awk at once. I then tested this by running
logread -f , logread -f | echo and a tail of the remote syslogd's logs
side by side.
So, what can I do to get unbuffered output? I peeked in the logread
code, but my C fu wasn't up to the task, and again it basically amounts
to building new firmware. I don't suppose there's any other way to read
from a circular buffer, given the very limited toolset provided by
busybox and a small handful of utilities?
I'm also considering directing syslog to log to a named pipe, or some
arrangement with a logfile stored in a ramdisk. I'm open to any
suggestions that are much less manky though.
[1]: http://www.linuxgazette.com/node/9074
[2]: http://openwrt.org/wrtLEDCodes
--
Pete
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
