syslog-ng and iptables logs
fost at hotmail.com
Thu Feb 17 19:38:17 PST 2005
Robert Connolly <robert at linuxfromscratch.org> wrote in
news:200502172211.16388.robert at linuxfromscratch.org:
> It should be opening that file as root before it drops.. The config
> seems to be a bit wrong too, it's a file not a pipe. Anyway, we are
> thinking of switching back to sysklogd. Syslog-ng will depend on glib
Why drop it? We already use libol, which will be replaced by glib instead.
> On February 17, 2005 09:46 pm, T_B wrote:
>> After a bit of googling, I found that this occurs because
>> pipe("/proc/kmsg") appears as a listed source in /etc/syslog-ng.conf,
>> /proc/kmsg has
>> permissions 400 and is owned by root. Therefore, read access to it
>> when syslog-ng is running as user syslog is not permitted.
As Robert pointed out, the sources are opened as root, before permissions
are dropped. Note this means you can't HUP syslog-ng, since the HUP does
not re-acquire root privileges. You can work around this by creating all the
normal chroot symlinks (although symlinking /proc into a chroot is not
The probable reason for the failure is that the pipe() directive actually
opens as read/write - using file() instead (as Robert pointed out) should
work okay (will test myself in a few hours).