Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 Nov 2012 22:21:30 -0600
From:      Paul Schmehl <pschmehl_lists@tx.rr.com>
To:        FreeBSD Questions List <freebsd-questions@freebsd.org>
Subject:   Re: Unexepected results when piping syslog to a fifo
Message-ID:  <C25A8455A7709875B53BE78B@Pauls-MacBook-Pro.local>
In-Reply-To: <80AACED86FEA012CB5D1F5F9@utd71538.campus.ad.utdallas.edu>
References:  <80AACED86FEA012CB5D1F5F9@utd71538.campus.ad.utdallas.edu>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
--On November 29, 2012 1:30:25 PM -0600 Paul Schmehl <pauls@utdallas.edu> 
wrote:

> I'm working on a project which requires that I pipe a remote syslog to a
> fifo so a daemon can parse the results.  After some googling I *thought*
> that I had figured out how to configure syslog to do this.  Here's the
> syslog.conf entry:
>
> + hostname.utdallas.edu
> *.* | cat > /var/run/program/program.fifo
>
> This seems to work for one syslog message.  The rest go to
> /var/log/messages.
>
> So I tried this:
> + hostname.utdallas.edu
> *.* | tail -f > /var/run/program/program.fifo
>
> But that seems to do the same thing.
>
> I want these messages to be piped to the fifo *only* and not show up in
> local logs.  What's the secret sauce for this?
>

Now I'm even more confused.  According to man (5) syslog.conf, a pipe 
should redirect its output to /dev/null.

         " A vertical bar (``|''), followed by a command to pipe the 
selected
         messages to.  The command is passed to sh(1) for evaluation, so 
usual
         shell metacharacters or input/output redirection can occur.  (Note
         however that redirecting stdio(3) buffered output from the invoked
         command can cause additional delays, or even lost output data in 
case
         a logging subprocess exited with a signal.)  The command itself 
runs
         with stdout and stderr redirected to /dev/null."

And yet this:

*.* |cat > /var/run/program/program.fifo results in the log data going both 
to the fifo and to /var/log/messages.  I really don't want to fill up the 
messages log with this stuff.  Any suggestions?

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?C25A8455A7709875B53BE78B>