syslog-ng and iptables logs

Steve Crosby fost at
Thu Feb 17 19:38:17 PST 2005

Robert Connolly <robert at> wrote in
news:200502172211.16388.robert at 

> It should be opening that file as root before it drops.. The config
> seems to be a bit wrong too, its a file not a pipe. Anyway, we are
> thinking of switching back to sysklogd. Syslog-ng will depend on glib
> soon. 


Why drop it? we already use libol, which will be replaced by glib instead.

> On February 17, 2005 09:46 pm, T_B wrote:


>> After a bit of googling, I found that this occurs because
>> pipe("/proc/kmsg") appears as a listed source in /etc/syslog-ng.conf,
>> /proc/kmsg has
>> permissions 400 and is owned by root. Therefore, read access to it
>> when syslog-ng is running as user syslog is not permitted.

As Robert pointed out, the sources are opened as root, before permissions 
are dropped. Note this means you can't HUP syslog-ng, since the HUP does 
not re-aquire root priveleges. You can work around this by creating all the 
normal chroot symlinks (although symlinking /proc into a chroot is not 
recommended ;)

The probable reason for the failure is that the pipe() directive actually 
opens  as read\write - using file() instead (as Robert pointed out) should 
work okay (will test myelf in a few hours).

-- -
Steve Crosby

More information about the hlfs-dev mailing list