On Tue, 2007-08-21 at 10:26 -0400, Robin P. Blanchard wrote:
# syslog-ng -d -f /etc/syslog-ng/syslog-ng.conf
[snip]
Cannot open file /export/syslog/10.10.0.2102007/08/21/messages for writing (Permission denied)
# ls -ald /export/ ; ls -ald /export/syslog/ drwxr-xr-x 5 root root 4096 Aug 21 10:16 /export/ drwxrwsr-x 2 root root 4096 Aug 21 09:41 /export/syslog/
# fgrep "\$HOST" /etc/syslog-ng/syslog-ng.conf |fgrep messages destination localmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/localmessages"); }; destination messages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/messages"); }; #destination allmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/allmessages"); };
So...it would apppear that: 1) macro expansion is not working ? (I can hand hack-in an extra "/" to force that path to look correct)
I don't see how that '0' could replace the '/' that was originally intended in your template I've checked the NEWS files, but there are no template expansion specific bug that could be related to this. I don't know whether SLES contains syslog-ng patches though. Can you check what patches are applied by SUSE?
2) syslog-ng cannot write to its output dir (regardless if I hack in that extra "/"
is syslog-ng running as root? is there something like SELinux/AppArmor that could prevent syslog-ng to write to that directory? -- Bazsi