syslog-ng and iptables logs

Robert Connolly robert at linuxfromscratch.org
Thu Feb 17 19:11:15 PST 2005


It should be opening that file as root before it drops. The config seems to 
be a bit wrong too, it's a file not a pipe. Anyway, we are thinking of 
switching back to sysklogd. Syslog-ng will depend on glib soon.

I checked google about this too, and no one else seems to have this exact 
problem. I suggest making /proc/kmsg group readable by syslog's group until 
there's a better way.

robert

On February 17, 2005 09:46 pm, T_B wrote:
> Today I was experimenting with trying to have syslog-ng capture logs
> generated by iptables.  Basic syslog-ng.conf file did not seem to allow
> this.  I tried setting the iptables --log-level to alert in hopes the
> messages would get logged to alert.log, but nothing.
>
> Then I noticed that when syslog-ng starts the following error message
> appears in message.log and syslog.log:
>         io.c: do_read: read() failed (errno 1), Operation not permitted
>
> After a bit of googling, I found that this occurs because
> pipe("/proc/kmsg") appears as a listed source in /etc/syslog-ng.conf,
> /proc/kmsg has permissions 400 and is owned by root. Therefore, read
> access to it when syslog-ng is running as user syslog is not permitted.
>
> If one removes pipe("/proc/kmsg") from the list of sources, then the error
> message goes away. But this doesn't solve the problem of getting iptables
> messages as I suspect they originate from the kernel through /proc/kmsg. 
> As an alternative, if syslog-ng is run as root, the error message goes
> away.  A side benefit of this is that one now gets kern log messages (e.g.
> iptables LOG messages).
>
> I realize that it is preferred to run syslog-ng as a non-privileged user
> such as syslog.  Does anyone know of a way to get kernel log messages
> without running as root?
>
> Regards
>
> Bill
>
> http://www.campin.net/syslog-ng/chroot-jail.html
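
The open-before-drop pattern suggested in the reply, as an added example that is not code from syslog-ng or from either poster: it uses a constructed temp file as a stand-in for the root-only source, and the names `open_then_drop`, `demo_read_after_lockout` and `SAMPLE` are hypothetical. It shows that ordinary file permissions are checked at open(), so the descriptor keeps working after the drop; whether /proc/kmsg applies a further check on each read depends on the kernel.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static const char SAMPLE[] = "kernel: IN=eth0 OUT= (constructed)\n";

/* Hypothetical helper: open `path` with the current (privileged) identity,
 * then switch permanently to uid/gid. Returns the open fd, or -1 on error. */
int open_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC); /* file permissions checked here */
    if (fd < 0)
        return -1;
    if (geteuid() == 0 && uid != 0) {
        /* Order matters: supplementary groups, then gid, then uid. */
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            goto fail;
        /* Verify the drop cannot be undone. */
        if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
            goto fail;
    }
    return fd;
fail:
    close(fd);
    return -1;
}

/* Constructed demo: a temp file stands in for the root-only log source.
 * Returns the bytes read through the fd after the path became unreadable.
 * Run unprivileged, the drop branch is skipped (nothing to drop). */
long demo_read_after_lockout(void)
{
    char path[] = "/tmp/kmsg-standin-XXXXXX", buf[128];
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    long w = (long)write(tmp, SAMPLE, sizeof SAMPLE - 1);
    close(tmp);
    int fd = open_then_drop(path, getuid(), getgid());
    chmod(path, 0);                 /* later non-root open() calls are refused */
    long n = (fd < 0 || w < 0) ? -1 : (long)read(fd, buf, sizeof buf);
    if (fd >= 0) close(fd);
    unlink(path);
    return n;
}

int main(void) { return demo_read_after_lockout() > 0 ? 0 : 1; }
```

In a daemon started as root, the second and third arguments would be the service account's uid and gid (for example from getpwnam()), and the returned descriptor is the only handle to the source that survives the drop.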



More information about the hlfs-dev mailing list