DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th November 2016
MatthiasKoch MatthiasKoch is offline
Real Name: Matthias Koch
Port Guard
 
Join Date: Mar 2016
Location: Germany
Posts: 37
Default change syslogd to rsyslogd

OpenBSD 6.0
Good afternoon all,

I am currently trying to switch from syslogd to rsyslogd and have installed rsyslogd from packages. Merely stopping syslogd via the rc.d script and starting rsyslogd doesn't work - rsyslogd is running but not logging anything.

I have found out that /etc/rc.d/syslogd, when executed (probably with a stop command), apparently deletes /dev/log which both syslogd and rsyslogd read from.


rc_pre() {
rm -f /dev/log
}

/dev/log is only present when syslogd is running.

My question is, how and at which point is /dev/log created and why is it deleted after syslogd stops?

TIA
Matthias
Reply With Quote
  #2   (View Single Post)  
Old 5th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

The unix socket /dev/log is both created and deleted by syslogd(8). The rc.subr(8) pre- script issues the rm(1) before syslogd() starts. I assume it does so in the event syslogd previously ended abnormally.

According to cvs(1), the socket has been deleted by syslogd() since the OpenBSD 3.9 era. The commit log states:
Code:
----------------------------
revision 1.27
date: 2005/12/02 16:50:11;  author: moritz;  state: Exp;  lines: +2 -1;
unlink() pid file on exit. ok deraadt@
----------------------------
I went through the tech@ archives in that time frame and did not discover any public discussion of this commit.

For more detail, see the source code in src/usr.sbin/syslogd/. The path to the socket is hard coded as the preprocessor token _PATH_LOG in the <sys/socket.h> header file.

For "why" you would need to ask the developers involved.

Last edited by jggimi; 5th November 2016 at 02:28 AM. Reason: typo
Reply With Quote
  #3   (View Single Post)  
Old 5th November 2016
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

Isn't the pid file just an ordinary file, such as /var/run/syslog.pid, which holds the daemon's process id? I suspect this is the variable _PATH_LOGPID.

The socket may be _PATH_KLOG ? At the moment I can't find where these are defined, nor can I find where _PATH_KLOG might be unlink'ed, and it's late ...

Last edited by IdOp; 5th November 2016 at 03:46 AM. Reason: filename
Reply With Quote
  #4   (View Single Post)  
Old 5th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You're right! It is late, and that *is* _PATH_LOGPID, *not* PATH_LOG.

Sorry about my misleading post.
Reply With Quote
  #5   (View Single Post)  
Old 5th November 2016
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

No worries, it is the start of a multi-step process to unlock the mystery behind the original question.
Reply With Quote
  #6   (View Single Post)  
Old 5th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Well, I'm awake. No coffee yet, so let's hope I have this right.

We can se the "rm -f /dev/log" in the pre- script today. It was in the initial commit of the /etc/rc.d/syslogd file on 06-Jul-2011

Before OpenBSD had the rc.d(8) subsystem, there was an "rm -f log" in /etc/rc. It moved locations 21-Dec-1997, with revision 1.58, but it was in the initial import 18-Oct-1995.

I'm not going to delve any deeper.
Reply With Quote
  #7   (View Single Post)  
Old 5th November 2016
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by Stuart Henderson
OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
/dev/log sockets any more.
http://marc.info/?l=openbsd-misc&m=145929600516986&w=2
http://openbsd-archive.7691.n7.nabbl...-td292794.html
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Reply

Tags
log, rsyslogd, syslogd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Send Syslogd To External Host plexter OpenBSD General 2 18th July 2011 08:11 PM
Change for rc.lkm IdOp NetBSD General 2 24th August 2009 02:33 PM
Freebsd 7.1-STABLE and dd-wrt v24 syslogd da1 FreeBSD General 9 16th March 2009 05:15 PM
Silencing gconfd spam in syslogd... BSDfan666 Guides 0 12th December 2008 10:01 PM
change ttl value ecnalbya OpenBSD Security 18 23rd August 2008 12:46 PM


All times are GMT. The time now is 06:57 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick