The problem is that the glibc routines hard-code /dev/log, so you either need to
completely replace them (LDPRELOAD approach) or make it so that /dev/log points
somewhere other than at the system master /dev/log (chroot or filesystem
namespaces and similar)
David Lang
On Thu, 7 Nov 2013, Daniel Pocock wrote:
On 07/11/13 16:58, Pavel Levshin wrote:
Look at source of system util named logger. It contains custom functions
myopenlog() and mysyslog(), which are intended to do that.
Using those functions would involve changing existing code
I had a look in the libc source code and found the answer to my
question: the syslog() function appears to be compiled to use /dev/log
with no way to override it at run time
So the only way to proceed is to extract the code from libc's syslog.c
and compile it into a shared object that can be introduced with LD_PRELOAD
Overriding the connect() method and detecting invocations that refer to
"/dev/log" appears to be the quickest way to do this: but the call from
openlog() to connect() appears to be linked within libc and can't be
intercepted. Therefore, it is necessary to completely override the
whole openlog() and syslog() methods in the LD_PRELOAD lib.
Has anybody done something like this before or seen a sample of the code
to do this?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
