Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#22153 - [syslog-ng] create /dev/log as a unix-dgram socket instead of stream

Attached to Project: Arch Linux
Opened by Dave Reisner (falconindy) - Monday, 20 December 2010, 13:56 GMT
Last edited by Eric Belanger (Snowman) - Monday, 14 February 2011, 05:24 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Eric Belanger (Snowman)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No


We currently ship a syslog-ng.conf file which opens /dev/log as a stream socket instead of a datagram socket. I would like to propose that we change this to a unix-dgram. This is a very simple change and only requires modifying a single line in the conf file that we ship.

1) Security -- /dev/log used to be a stream socket by default, circa 1999. Unfortunately, I can't get a link to the security issue in question, because the site is currently down, but [1] has a reference to it. glibc (as of libc6) by default will always try to open /dev/log as a DGRAM socket first.
2) Lower overhead -- Balazs Scheidler, the maintainer of syslog-ng wrongly claims in the syslog-ng FAQ [2] that a SOCK_STREAM is "better" because it doesn't lose messages like a SOCK_DGRAM. He corrects himself [3], as the linux implementation of SOCK_DGRAM type unix socket is not actually prone to losing data.
3) Many other major implementations of system loggers (such as rsyslog or klogd) use a DGRAM socket.

This task depends upon

Closed by  Eric Belanger (Snowman)
Monday, 14 February 2011, 05:24 GMT
Reason for closing:  Implemented
Additional comments about closing:  syslog-ng 3.2.2-1
Comment by Leonid Isaev (lisaev) - Saturday, 01 January 2011, 15:52 GMT
Apparently, debian people has been raising similar proposals since 2006: