propolice and syslog-ng

Bennett Todd bet at rahul.net
Tue Sep 28 12:33:05 PDT 2004


2004-09-28T18:59:23 Robert Connolly:
> >From strace I'm getting:
> sendto(3, "<2>fail: stack smashing attack i"..., 46, 0, {sa_family=AF_FILE, 
> path="/dev/log"}, 110) = -1 EPROTOTYPE (Protocol wrong type for socket)
> 
> From fail.c. It works with sysklogd though. I'll keep looking into
> it. Are there often things that work with sysklog that don't work
> the same way with syslog-ng?

In my experience, _everything_ that works with sysklogd works fine
with syslog-ng. Check your syslogng.conf. In the source clause where
you specify /dev/log, how do you specify it?

I believe if you write

	unix-stream("/dev/log");

it'll work identically to sysklogd as normally configured.

It's sometimes worth switching to unix-dgram, which last time I
checked also worked fine with the syslog routines in libc. This
would (I believe) allow packet loss, rather than blocking, in the
event writers spit msgs faster than syslog-ng can read 'em, but more
importantly it prevents syslog-ng from needing to devote a file
descriptor to each concurrent writer; on e.g. large mailservers with
a modern MTA it's easy to have more processes concurrently logging
than the log daemon can have file descriptors.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20040928/fbd5adc5/attachment.sig>


More information about the hlfs-dev mailing list