[Mono-list] UnixStream/Pipe Best Practices

Gonzalo Paniagua Javier gonzalo at novell.com
Tue Nov 14 10:18:33 EST 2006


On Tue, 2006-11-14 at 08:33 -0600, Michael Schurter wrote:
> On Mon, 2006-11-13 at 17:48 -0500, Ben Timby wrote:
> > Easiest way is likely to configure syslog-ng with a destination of type: 
> > unix-stream for your firewalls events.
> 
> There seems to be a problem with my syslog-ng configuration as it's
> telling me: Connection failed; error='Connection refused (111)',
> reconnect='10'
> 
> Relevant syslog-ng.conf lines:
> 
> destination df_firewall { unix-stream("/var/log/firewall-stream"); };

I did something similar and there's no need for UnixStream or anything
like that. Just:

	destination df_firewall { pipe("/dev/firewall-fifo"); };

And then open /dev/firewall-fifo as you would open any other file:

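// Requires: using System.IO; using System.Text;
using (StreamReader reader = new StreamReader (File.OpenRead (args [0]), Encoding.ASCII)) {
	string line;
	// ReadLine () returns null at EOF, i.e. when the writer closes the FIFO
	while ((line = reader.ReadLine ()) != null) {
		if (line.IndexOf ("sshd") != -1)
			ProcessLine (line);
	}
}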


Adjust the encoding to your needs.

If the syslog daemon is killed, you might get a read error or an EOF in
the form of a null line read. In that case, once this loop exits, start
it over.

I was using something like this to block IPs that tried to access ssh
with dictionary attacks.

-Gonzalo
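
An added example, not part of the original message and not Gonzalo's code: the reader loop above with the restart-on-EOF behaviour he describes and a per-address counter for failed sshd logins. The OpenSSH "Failed password" line format, the threshold and window values, and the names SshFailureWatcher and Record are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;

class SshFailureWatcher {
	// Assumed line: "sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2".
	// Greedy ".+" plus the end anchor take the address sshd appended, not text in NAME.
	static readonly Regex Failed = new Regex (
		@"sshd\[\d+\]: Failed password for .+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?$");
	const int Threshold = 5;                                      // assumed limit
	static readonly TimeSpan Window = TimeSpan.FromMinutes (10);  // assumed window
	static readonly Dictionary<string, Queue<DateTime>> seen = new Dictionary<string, Queue<DateTime>> ();

	// Returns the source IP once it reaches Threshold failures inside Window, else null.
	static string Record (string line, DateTime now) {
		Match m = Failed.Match (line);
		if (!m.Success)
			return null;
		string ip = m.Groups [1].Value;
		Queue<DateTime> hits;
		if (!seen.TryGetValue (ip, out hits))
			seen [ip] = hits = new Queue<DateTime> ();
		hits.Enqueue (now);
		while (now - hits.Peek () > Window)
			hits.Dequeue ();      // drop failures older than the window
		if (hits.Count < Threshold)
			return null;
		hits.Clear ();            // report each burst once
		return ip;
	}

	static void Main (string [] args) {
		while (true) {            // reopen the FIFO after EOF or a read error
			try {
				using (StreamReader reader = new StreamReader (File.OpenRead (args [0]), Encoding.ASCII)) {
					string line;
					while ((line = reader.ReadLine ()) != null) {
						string ip = Record (line, DateTime.UtcNow);
						if (ip != null)
							Console.WriteLine ("block candidate: {0}", ip);
					}
				}
			} catch (IOException e) {
				Console.Error.WriteLine ("read error: {0}", e.Message);
			}
			Thread.Sleep (1000);  // avoid a tight loop while syslog-ng is down
		}
	}
}
```

The program only prints candidate addresses; what consumes that output (a firewall rule, an alert) is left to the deployment.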



