Hi ,
when a process fails to write to /dev/log ?
Assuming you mean "when does a process fail to write to /dev/log?"
/dev/log is a semi-standard convention for syslog - syslog listens on this UNIX socket, and writes what is written there according to the rules in it's configuration file.
Given that, you've got three reasons why a process might not be able to log:
- The process in question isn't set up to do syslog. Using syslog is optional, and needs to be part of the process code.
- syslogd isn't running, so there's nothing reading from that socket.
- There is a syslogd running, and the process is set up to log to syslog, but it fails before it reaches the part of it's code when it does.
To check for the first, if you have the source code for the process, check it for calls to openlog(), syslog(), and closelog(), or if it's a shell script, check for calls to the logger program. Perl scripts will usually use Sys::Syslog or something similar.
To check for the second, do:
$ ps -efawww | egrep syslog
or even better
# lsof /dev/log
and see what has /dev/log open
To check for the third, well, you might try running the process under a debugger, and see if you can catch any writes to /dev/log or calls to syslog. Or, you could run the process via "strace" (truss on some Unixes) and look for writes that way.