This would work, it sleeps for 1 second after the pipe is closed so it
doesn't loop too quickly (syslogd takes a second or two sometimes to
restart on slower machines). This one just prints to stdout, but can be
adjusted to write to another file somewhere.

#!/usr/bin/perl -w
use strict;

my $pipe = shift;
if (!$pipe) {
    print qq{
Usage: $0 [pipe]
    Where [pipe] is the syslogd named pipe
};
    exit(1);
}

# Detach: the parent exits, the child keeps reading in the background.
fork && exit;

sub readit {
    # Reopen the pipe each time the writer (syslogd) closes it,
    # pausing 1 second between attempts.
    while (1) {
        open(PIPE, '<', $pipe) || die "Could not open $pipe: $!";
        while (<PIPE>) {
            print $_ if ($_);
        }
        close(PIPE);
        sleep(1);
    }
}

readit();

Thanks,
Ryan Yagatich <supportat_private>
Pantek, Incorporated
(877) LINUX-FIX - (440) 519-1802
===================================
6E 3D 0B DB 1F 64 A1 10 E8 04 C6 65 C8 BB 37 31 05 DA 09 67 EE EC 40 BE
===================================
A distributed system is one in which the failure of a computer you
didn't even know existed can render your own computer unusable.
    -- Leslie Lamport

On Wed, 6 Nov 2002, Seth Arnold wrote:

>On Wed, Nov 06, 2002 at 05:22:09PM -0000, John Fitzgerald wrote:
>> To prevent an 'exploited' syslogd amending stored logs then you may be
>> able to set them to be append only (dependent upon the filesystem
>> being used) and/or you could have a higher privilege daemon copying
>> the logs to somewhere outside the chrooted area on a regular basis.
>> Does anybody know of an application that is optimized for copying
>> sequentially increasing files?
>
>tail(1).
>
>Or you could configure your syslogd to write into a pipe and have your
>"trusted" program read from the pipe in a loop and copy the data to
>another file.
>
>

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 08 2002 - 17:17:29 PST
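
The arrangement discussed in this thread (syslogd writes into a named pipe, a trusted reader copies the data to another file outside the chroot), as an added example that is not part of any poster's message. The two command-line arguments are assumptions: the path of the syslogd pipe and the path of the destination log.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Both paths are operator-supplied
# assumptions: the syslogd named pipe and a log file outside the chroot.
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use IO::Handle;

my ($pipe, $dest) = @ARGV;
die "Usage: $0 [pipe] [destination log]\n"
    unless defined $pipe && defined $dest;

# O_APPEND: every write lands at the end of the file, never over old records.
# O_NOFOLLOW: refuse a symlink planted at the destination path.
# 0600: only the account running this reader can read the copy.
sysopen(my $out, $dest, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)
    or die "Could not open $dest: $!\n";
$out->autoflush(1);    # do not hold log lines in a buffer

while (1) {
    # Blocks here until syslogd opens its end of the pipe for writing.
    my $in;
    unless (sysopen($in, $pipe, O_RDONLY | O_NOFOLLOW)) {
        warn "Could not open $pipe: $!\n";
        sleep 1;
        next;
    }

    # Check the handle that was opened, not the path, so an object swapped
    # in between a path check and the open cannot be read by mistake.
    my $mode = (stat($in))[2];
    unless (defined $mode && S_ISFIFO($mode)) {
        warn "$pipe is not a named pipe, refusing to read it\n";
        close($in);
        sleep 5;
        next;
    }

    # Copy until the writer closes the pipe (for example a syslogd restart).
    while (my $line = <$in>) {
        print {$out} $line or die "Write to $dest failed: $!\n";
    }
    close($in);
    sleep 1;    # give syslogd time to come back before reopening
}
```

Run the reader under an account the chrooted syslogd cannot write as, so a compromised syslogd can only add lines through the pipe and cannot touch the copied file.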