Here is the output that I get from running "strace":<br><br>execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 22 vars */]) = 0<br>brk(0) = 0x8814000<br>
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)<br>open("/etc/ld.so.cache", O_RDONLY) = 3<br>fstat64(3, {st_mode=S_IFREG|0644, st_size=41643, ...}) = 0<br>mmap2(NULL, 41643, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f70000<br>
close(3) = 0<br>open("/lib/librt.so.1", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\10\215\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=44060, ...}) = 0<br>
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6f000<br>mmap2(0x8cf000, 33324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8cf000<br>mmap2(0x8d6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x8d6000<br>
close(3) = 0<br>open("/lib/libnsl.so.1", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \361\335\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=101404, ...}) = 0<br>
mmap2(0xddc000, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xddc000<br>mmap2(0xdef000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xdef000<br>mmap2(0xdf1000, 6088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xdf1000<br>
close(3) = 0<br>open("/lib/libglib-2.0.so.0", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`m\216\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=644472, ...}) = 0<br>
mmap2(0x8da000, 646636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8da000<br>mmap2(0x977000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9c) = 0x977000<br>close(3) = 0<br>
open("/usr/lib/libevtlog.so.0", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\17\0\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=12044, ...}) = 0<br>
mmap2(NULL, 14988, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb2b000<br>mmap2(0xb2e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb2e000<br>close(3) = 0<br>
open("/lib/libwrap.so.0", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300=\207\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=32824, ...}) = 0<br>
mmap2(0x872000, 32188, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x872000<br>mmap2(0x879000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x879000<br>close(3) = 0<br>
open("/lib/libc.so.6", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\37t\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=1606808, ...}) = 0<br>
mmap2(0x72c000, 1324452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x72c000<br>mmap2(0x86a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0x86a000<br>mmap2(0x86d000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x86d000<br>
close(3) = 0<br>open("/lib/libpthread.so.0", O_RDONLY) = 3<br>read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000X\212\0004\0\0\0"..., 512) = 512<br>fstat64(3, {st_mode=S_IFREG|0755, st_size=125612, ...}) = 0<br>
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000<br>mmap2(0x8a1000, 90592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8a1000<br>mmap2(0x8b4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0x8b4000<br>
mmap2(0x8b6000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8b6000<br>close(3) = 0<br>mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6d000<br>
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f6d6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0<br>mprotect(0x8b4000, 4096, PROT_READ) = 0<br>
mprotect(0x86a000, 8192, PROT_READ) = 0<br>mprotect(0xdef000, 4096, PROT_READ) = 0<br>mprotect(0x8d6000, 4096, PROT_READ) = 0<br>mprotect(0x723000, 4096, PROT_READ) = 0<br>munmap(0xb7f70000, 41643) = 0<br>
set_tid_address(0xb7f6d708) = 16916<br>set_robust_list(0xb7f6d710, 0xc) = 0<br>futex(0xbfb87584, FUTEX_WAKE_PRIVATE, 1) = 0<br>rt_sigaction(SIGRTMIN, {0x8a53d0, [], SA_SIGINFO}, NULL, 8) = 0<br>rt_sigaction(SIGRT_1, {0x8a52e0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0<br>
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0<br>getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0<br>uname({sys="Linux", node="<a href="http://L0982iappv0100.ius.meijer.com">L0982iappv0100.ius.meijer.com</a>", ...}) = 0<br>
brk(0) = 0x8814000<br>brk(0x8835000) = 0x8835000<br>gettimeofday({1248172733, 541317}, NULL) = 0<br>ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0<br>
ioctl(0, TIOCNOTTY) = 0<br>setsid() = 16916<br>setrlimit(RLIMIT_NOFILE, {rlim_cur=4*1024, rlim_max=4*1024}) = 0<br>pipe([3, 4]) = 0<br>clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f6d708) = 16917<br>
close(4) = 0<br>read(3, "0\n", 6) = 2<br>close(3) = 0<br>exit_group(0) = ?<br><br><br><div class="gmail_quote">
On Tue, Jul 21, 2009 at 5:04 AM, Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Sun, 2009-07-19 at 12:10 -0400, Scott Ware wrote:<br>
> I have SELinux disabled, and I am running it as root.<br>
><br>
<br>
</div>then please run strace on the syslog-ng process to see why it gets<br>
permission denied problems.<br>
<div><div></div><div class="h5"><br>
<br>
> On Thu, Jul 16, 2009 at 6:13 PM, Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
> wrote:<br>
><br>
> On Tue, 2009-07-14 at 08:30 -0400, Scott Ware wrote:<br>
> > So, I complied Syslog-ng with the --enable-spoof-source<br>
> option, and<br>
> > everything installed fine. However, when I have the<br>
> spoof_source(yes)<br>
> > option in the config file, nothing gets re-directed to my<br>
> logging<br>
> > destination.<br>
> ><br>
> > If I take the option out, everything gets re-directed. Can<br>
> you<br>
> > possible help me? Thanks!<br>
><br>
><br>
> hmm.. does syslog-ng have the necessary permissions. SELinux<br>
> comes to my<br>
> mind.<br>
<br>
><br>
--<br>
Bazsi<br>
<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</div></div></blockquote></div><br>