Re: Logging IPTables to file using syslogd

Diyan Christian <sauron@lug.stikom.edu> writes:

>> The "-" is used for it to understand the difference between the facility and
>> action.  Else it will think "kern.*" and "/var/log/newfile" is this:
>> "kern.*/var/log/newfile" which is not a valid syslog facility.
>
> Nope... the "-" character just before the argument (in this case a file) is used
> by syslog to do syncing (direct writes) to disk, rather than queue up first in the
> buffers (in case your hardware crashes and you lose important logs),
> so if performance is your choice over data integrity, you may omit the
> "-" character.

Sorry, but I was cursed with a thick skull.  Can you explain this in a
little more detail?  Do you mean syslogd can be made to
write immediately to a file instead of buffering a set amount of data?

How can I test this?  For example, with syslogd directed to write to
a fifo:

   *.*        |/some/fifo

I always see a pause when I put a listener on that fifo.  I
understood the pause to be caused by a buffering situation.  Some set
amount of data accumulates in the buffer (I forgot the figure) and
then a write happens.  Another pause while the buffer fills, etc.

Sounds like what you are saying is that by adding a `-' to the above
rule:
   *.*        -|/some/fifo
One could force syslogd data to be written to the fifo with no
buffering.

This could be a way to get full `real time' access to filtered log
files.  Am I following your point correctly?
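
One way to measure the pause described in this message, added here as an example and not part of the original post: a reader timestamps each line as it leaves a fifo and reports the worst delivery delay. The writer is a stand-in for the logging daemon (an assumption, it is not syslogd), and the function names, message text and timings are constructed for illustration.

```python
import os
import tempfile
import threading
import time


def writer(path, flush_each, lines, interval):
    """Stand-in for a logging daemon writing to a fifo (assumption: not syslogd).

    flush_each=True  -> line buffered, every message is pushed out at once.
    flush_each=False -> 64 KiB user-space buffer, data leaves only when the
                        buffer fills or the file is closed.
    """
    buffering = 1 if flush_each else 65536
    with open(path, "w", buffering=buffering) as fifo:
        for i in range(lines):
            # Embed the send time so the reader can compute the delay.
            fifo.write(f"{time.monotonic():.6f} constructed test message {i}\n")
            time.sleep(interval)


def max_latency(flush_each, lines=5, interval=0.1):
    """Return the worst delay in seconds between a write and its arrival."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "fifo")
        os.mkfifo(path)
        thread = threading.Thread(
            target=writer, args=(path, flush_each, lines, interval)
        )
        thread.start()
        worst = 0.0
        # The open blocks until the writer has opened its end of the fifo.
        with open(path) as fifo:
            for line in fifo:
                sent = float(line.split()[0])
                worst = max(worst, time.monotonic() - sent)
        thread.join()
        return worst


if __name__ == "__main__":
    print(f"flushed per line : {max_latency(True):.3f} s worst delay")
    print(f"block buffered   : {max_latency(False):.3f} s worst delay")
```
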