Hi,

On Fri, 19 Nov 2004 11:16:17 +0100 Balazs Scheidler <bazsi@balabit.hu> wrote:
> Probably the timezone settings are not correct within your chroot.

That's right. Fixed. thx.

> > I am also interested to know what that io.c message is. It does not seem to affect syslog-ng.
> Probably some kernel hardening rejected a read request on some special files? Maybe /proc/kmsg? I'd check to be sure with strace to see what was the read which failed.

32475 open("/proc/kmsg", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 8
.
.
32475 read(8, 0x806e960, 2048) = -1 EPERM (Operation not permitted)
32475 getpid() = 32475
32475 time(NULL) = 1101116175
32475 time(NULL) = 1101116175
32475 poll([{fd=9, events=0}, {fd=5, events=POLLOUT, revents=POLLOUT}, {fd=8, events=POLLIN, revents=POLLIN}, {fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 6, 100) = 2
32475 write(5, "Nov 22 10:36:15 burp syslog-ng[3"..., 103) = 103
32475 time(NULL) = 1101116175
32475 close(8)

You are right again. What should I do? Have I forgotten something about /proc? I tried to give the file to the group I am running syslog-ng as. Also changed perms to 660. Made no difference. When I start syslog-ng as root it can read kmsg. I am running the 2.6.8-1-686 built by Debian. With Debian patches applied. They may have included something in those patches...

> Probably it sent the HUP signal to the wrong PID, it's a quite common problem, that it reads the PID from a file called /var/run/syslogd.pid, instead of /var/run/syslog-ng.pid (where syslog-ng stores its pidfile).
>
> Syslog-ng reopens all files when receiving a HUP signal.

Well this particular build of this release on this system does not :) I shall investigate further and get back to the list. I configured logrotate to issue reload again, so I can say some more about it tomorrow.

Thanks.

g.
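
The pidfile mix-up raised in the quoted reply (/var/run/syslogd.pid versus /var/run/syslog-ng.pid) can be caught in the logrotate reload step by verifying the PID before signalling it. The script below is an added example, not part of this message or of syslog-ng; the function names are hypothetical, and it assumes a Linux /proc where the daemon's command name reads "syslog-ng".

```shell
#!/bin/sh
# Added example: send SIGHUP only to a verified syslog-ng process.
# The pidfile path is the one named in the thread; function names are made up.

PIDFILE_DEFAULT=/var/run/syslog-ng.pid

# Print the PID stored in pidfile $1 if it names a live process whose
# command name is $2; otherwise explain on stderr and return non-zero.
verified_pid() {
    pidfile=$1
    want=$2
    [ -r "$pidfile" ] || { echo "no readable pidfile: $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "pidfile does not hold a PID: $pidfile" >&2; return 1 ;;
    esac
    # A stale pidfile can point at a dead or recycled PID.
    [ -r "/proc/$pid/comm" ] || { echo "PID $pid is not running" >&2; return 1; }
    comm=$(cat "/proc/$pid/comm")
    [ "$comm" = "$want" ] || { echo "PID $pid is '$comm', not '$want'" >&2; return 1; }
    echo "$pid"
}

# HUP the verified process; fail loudly otherwise so that logrotate reports
# the error instead of leaving syslog-ng writing to the rotated file.
reload_syslog_ng() {
    pid=$(verified_pid "${1:-$PIDFILE_DEFAULT}" syslog-ng) || return 1
    kill -HUP "$pid"
}

# Act only when invoked as: script reload [pidfile]
if [ "${1:-}" = reload ]; then
    reload_syslog_ng "${2:-}"
fi
```

Called from a logrotate postrotate script with the `reload` argument, a non-zero exit makes a wrong or stale pidfile visible in logrotate's own error output.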