Diyan Christian <sauron@lug.stikom.edu> writes:

>> The "-" is used for it to understand the difference between the facility and
>> action. Else it will think "kern.*" and "/var/log/newfile" is this:
>> "kern.*/var/log/newfile" which is not a valid syslog facility.
>
> nope....the "-" character just before the arguments (in this case is a file) is used
> by syslog to do syncing (direct writes) to disk, rather than queue up first in the
> buffers (in case your hardware crashing and you might losing important logs),
> so if performance is your choice over data integrity, you may omit the
> "-" character.

Sorry, but I was cursed with a thick skull.. Can you explain a little
more detail about this? Do you mean syslogd can be made to write
immediately to a file instead of buffering a set amount of data?

How can I test this?

For example, with syslogd directed to write to a fifo:

    *.* |/some/fifo

I always see a pause when I put a listener on that fifo. I understood
the pause to be caused by a buffering situation. Some set amount of
data accumulates in the buffer (I forgot the figure) and then a write
happens. Another pause while the buffer fills.. etc.

Sounds like what you are saying is that by adding a `-' to the above
rule:

    *.* -|/some/fifo

One could force syslogd data to be written to the fifo with no
buffering. This could be a way to get full `real time' access to
filtered log files.

Am I following your point correctly?