Logging, Syslog and Log Analysis Forums
Topic: Syslog-ng 2.1.x won't write to messages or any other file
stevepr
« on: August 24, 2009, 08:18:57 pm »

I am a noob on syslog-ng. I have been searching this forum and the web for the last 4 hours and can't find the solution to this.

I have a redhat EL 4 server and I want to install syslog-ng.  I first installed version 3 but realized that my conf file was for version 2 so I removed syslog-ngv3 and installed v2.

I am almost certain that my server is running SELinux. I am not the server admin, but I do have root access.


I get the following message only when I have both syslogd and syslog-ng running.

Aug 24 18:27:38 redhatsvr kernel: audit(1251156458.669:9094554): avc:  denied  { write } for  pid=10653 comm="syslog-ng" name="secure" dev=dm-4 ino=16412 scontext=root:system_r:syslogd_t tcontext=user_u:object_r:var_log_t tclass=file


But when I kill the syslogd process, all file writing stops.

This is what the process looks like:

[root@redhatsvr syslog-ng]# ps -ef | grep syslog
root     10785     1  0 18:41 ?        00:00:00 syslog-ng -p /var/run/syslog-ng.pid
root     10790 10687  0 18:41 pts/2    00:00:00 grep syslog


What is the -p? Is this residual from syslog-ng v3? Or is this how it's supposed to look?


I have run

getsebool use_syslogng
use_syslogng --> active

This was not the case; I had to change it to active.

It looks to me like I don't have permissions or syslog-ng is not running as root?

Please help

source net { udp(ip(0.0.0.0) port(514)); }; #0.0.0.0 will allow all hosts to send their logs to your host.

source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };


destination d_syslog { file("/var/log/messages"
template ("$DATE $HOST <$PRIORITY> $MSG\n")
template_escape(no)
);
};

destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };


filter f_kernel     { facility(kern); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };



filter f_catch_all { level( info .. err ) and not match("ASA|PIX"); };
log { source(net); filter(f_catch_all); destination(d_syslog); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };




Admin
« Reply #1 on: September 02, 2009, 07:23:01 pm »

First, you are bound to have some problems if you try to run both syslogd and syslog-ng at the same time. Also, you're going to have problems running syslog-ng not as root, since it will not be able to listen to port 53 (requires administrative permissions to bind to a low port).
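
Added example, not part of the original thread or of either poster's reply: a small Python parser for the SELinux AVC record quoted in the question. It pulls out which domain was denied which permission on which labelled object, and groups repeated denials. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# First line is the denial quoted in the question; the other two are constructed
# samples (a multi-permission denial and a non-AVC line that must be skipped).
SAMPLE = [
    'Aug 24 18:27:38 redhatsvr kernel: audit(1251156458.669:9094554): avc:  denied  { write } for  pid=10653 comm="syslog-ng" name="secure" dev=dm-4 ino=16412 scontext=root:system_r:syslogd_t tcontext=user_u:object_r:var_log_t tclass=file',
    'Aug 24 18:30:00 redhatsvr kernel: audit(1251156600.001:9094560): avc:  denied  { read append } for  pid=10653 comm="syslog-ng" name="kern" dev=dm-4 ino=16500 scontext=root:system_r:syslogd_t tcontext=user_u:object_r:var_log_t tclass=file',
    'Aug 24 18:41:02 redhatsvr syslog-ng[10785]: syslog-ng starting up',
]

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time_utc'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type[:level]; policy rules match on the type field.
    for key in ('scontext', 'tcontext'):
        rec[key + '_type'] = rec.get(key, '::').split(':')[2]
    return rec

def summarize(lines):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = {}
    for rec in filter(None, map(parse_avc, lines)):
        if rec['result'] != 'denied':
            continue
        key = (rec['scontext_type'], rec['tcontext_type'], rec.get('tclass', '?'))
        entry = groups.setdefault(key, {'perms': set(), 'names': set(), 'comms': set()})
        entry['perms'].update(rec['perms'])
        entry['names'].add(rec.get('name', '?'))
        entry['comms'].add(rec.get('comm', '?'))
    return groups

if __name__ == '__main__':
    for (src, tgt, cls), e in summarize(SAMPLE).items():
        print(f"{sorted(e['comms'])} in domain {src} denied {sorted(e['perms'])} "
              f"on {cls} {sorted(e['names'])} labelled {tgt}")
```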