Re: Remote Syslogd

From: Ryan Yagatich (ryanyat_private)
Date: Thu Nov 07 2002 - 13:36:28 PST


    This would work, it sleeps for 1 second after the pipe is closed so it 
    doesn't loop too quickly (syslogd takes a second or two sometimes to 
    restart on slower machines).
    
    This one just prints to stdout, but can be adjusted to write to another 
    file somewhere. 
    
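    #!/usr/bin/perl -w
    
    use strict;
    
    my $pipe = shift;
    if (!$pipe)
    {
            print qq{
    Usage: $0 [pipe]
       Where [pipe] is the syslogd named pipe
    
    };
            exit(1);
    
    }
    fork && exit;
    
    $| = 1;         # unbuffered stdout so lines appear as they arrive
    
    sub readit
    {
            # open blocks until syslogd opens the pipe for writing
            open(my $fh, '<', $pipe) || die "Could not open $pipe: $!";
            while (<$fh>)
            {
                    print $_;
            }
            # EOF: syslogd closed the pipe (e.g. it was restarted)
            close($fh);
            sleep(1);
    }
    
    # loop instead of recursing, so the stack does not grow on every restart
    readit() while 1;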
    
    
    Thanks,
    Ryan Yagatich  <supportat_private>
            Pantek, Incorporated
     (877) LINUX-FIX - (440) 519-1802
    ===================================
    6E 3D 0B DB 1F 64 A1 10 E8 04 C6 65
    C8 BB 37 31 05 DA 09 67 EE EC 40 BE
    ===================================
      A distributed system is one in
    which the failure of a computer you
    didn't even know existed can render
      your own computer unusable. --
             Leslie Lamport
    
    
    On Wed, 6 Nov 2002, Seth Arnold wrote:
    
    >On Wed, Nov 06, 2002 at 05:22:09PM -0000, John Fitzgerald wrote:
    >> To prevent an 'exploited' syslogd amending stored logs then you may be
    >> able to set them to be append only (dependent upon the filesystem
    >> being used) and/or you could have a higher privilege daemon copying
    >> the logs to somewhere outside the chrooted area on a regular basis.
    >> Does anybody know of an application that is optimized for copying
    >> sequentially increasing files?
    >
    >tail(1).
    >
    >Or you could configure your syslogd to write into a pipe and have your
    >"trusted" program read from the pipe in a loop and copy the data to
    >another file.
    >
    >
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
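
The "trusted program" variant discussed in this thread, copying from the syslogd pipe into a log file outside the chrooted area, could look like the following. This is an added example, not code from the thread; the script name and both paths are hypothetical and are passed on the command line.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_APPEND O_CREAT O_NOFOLLOW);
use IO::Handle;

# Hypothetical invocation:
#   fifo2log.pl /chroot/syslog/log.pipe /var/log/trusted/messages
my ($pipe, $dest) = @ARGV;
die "Usage: $0 <fifo> <destination-log>\n"
    unless defined $pipe && defined $dest;

# Refuse anything that is not a named pipe, so a path that has been
# replaced by a regular file or a device node is not read by mistake.
sub is_fifo { my ($path) = @_; return -p $path ? 1 : 0 }

# Open the destination for appending only: never truncate, do not follow
# a symlink planted at the final path component, owner-only permissions.
sub open_dest {
    my ($path) = @_;
    sysopen(my $out, $path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)
        or die "Cannot open $path for append: $!\n";
    $out->autoflush(1);    # each line reaches the file as it arrives
    return $out;
}

# Copy lines until the writer closes the FIFO; returns the line count.
sub copy_until_eof {
    my ($path, $out) = @_;
    # This open blocks until syslogd opens the pipe for writing.
    open(my $in, '<', $path) or die "Cannot open $path: $!\n";
    my $n = 0;
    while (my $line = <$in>) {
        print {$out} $line or die "Write to log failed: $!\n";
        $n++;
    }
    close($in);
    return $n;
}

my $out = open_dest($dest);
while (1) {
    die "$pipe is not a named pipe\n" unless is_fifo($pipe);
    copy_until_eof($pipe, $out);
    sleep 1;    # syslogd closed the pipe (restart); wait, then reopen
}
```

Because the destination is only ever opened with O_APPEND and never truncated, the copy can also carry a filesystem append-only attribute where the filesystem supports one.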
    



    This archive was generated by hypermail 2b30 : Fri Nov 08 2002 - 17:17:29 PST