On Mon, 22 Sep 2003, Devin Kowatch wrote: > I've seen this happen when /dev/log is opened as a UNIX_STREAM. The > system isn't quite unusable ... but the only way I've found to recover > is to have a root shell open to kill syslogd. > > IIRC, linux's stock syslogd does not open /dev/log as a STREAM. DGRAM was the only choice for a while in the Linux kernel, though I'm not sure at which point the switch happened. The section 5 man page for proc still says that streams aren't supported in the kernel for Unix domain sockets - though I suppose that could be for histerical purposes ;) There was talk about handling dgram and stream sockets differently on the syslog-ng list as late as last year, and something about different distros moving to streams on the same list last June, suggesting that the issue wasn't all that baked fairly recently. Both my newest distros show streams, but I don't have any old boxes online anymore to check their status. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts@private which may have no basis whatsoever in fact." probertson@private Director of Risk Assessment TruSecure Corporation _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Sep 24 2003 - 11:52:15 PDT