Thanks for your help, Valdis. I ran the strace and found the missing library files. My current $CHROOTDIR looks like this:

./
./lib
./lib/libnss_dns.so.2
./etc
./etc/ld.so.cache
./etc/resolv.conf
./etc/localtime
./etc/host.conf
./etc/hosts
./etc/syslog-ng
./etc/syslog-ng/syslog-ng.conf
./etc/nsswitch.conf
./dev
./dev/zero
./dev/null
./var
./var/log
./var/log/syslogng.log
./var/log/HOSTS

I guess I'll need more files once I start logging to MySQL; however, it should be an easy task now with the help of strace and the kind people of this list, I hope.

On Wed, 2005-08-03 at 12:00 +0200, syslog-ng-request@lists.balabit.hu wrote:
> On Tue, 02 Aug 2005 15:28:01 PDT, Arnold Wang said:
> > I'm running syslog-ng in chroot mode, followed the instructions in http://www.campin.net/syslog-ng/chroot-jail.html. I also enabled DNS lookup so I can show the Cisco routers in their friendly names instead of IPs. The DNS lookup works fine until I enabled chroot mode. I copied "nsswitch.conf" and "resolv.conf" files into $CHROOTDIR/etc as well, just in case.
>
> You'll also need any shared libs your syslog-ng binary needs (use ldd to find them), and probably stuff in $CHROOT/dev as well (dev/null and dev/zero come to mind).
>
> I'm probably missing something here - 'strace -f chroot $CHROOT bin/syslog-ng' will show you if you're missing anything else...
>
> > BTW, the host is RHEL4 and I set SELinux to "permissive".
>
> 'permissive' will probably throw a whole lot of AVC messages unless you label the contexts for the files in the chroot tree (fortunately, there's hopefully not a lot, so hand-labelling is probably feasible). Sorry, the inability to use 'restorecon' to label a chroot tree is a known deficiency in the current tools...
>
> Fortunately, in permissive mode, each avc message is only printed once, so you'll get spammed with a bunch of messages at startup (and probably one/two more logmsgs for each logfile it opens).
>
> > Will my configuration work? If so, what should I check? Thanks in advance for help.
>
> Shared libs.. /dev entries. The strace command I gave should help find other stuff that's missing. Good luck. ;)
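
The strace approach suggested in the thread, as an added example that is not part of the original messages: a small filter that reduces `strace -f` output to the paths the chrooted process looked up and did not find. The trace lines are a constructed sample, and the function names (`sample_trace`, `missing_in_chroot`, `still_missing`) are hypothetical helpers, not part of strace or syslog-ng.

```shell
#!/bin/sh
# Constructed sample of `strace -f chroot $CHROOTDIR bin/syslog-ng` output.
sample_trace() {
cat <<'EOF'
execve("/bin/syslog-ng", ["bin/syslog-ng"], [/* 20 vars */]) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
[pid  4321] open("/etc/nsswitch.conf", O_RDONLY) = 3
[pid  4321] open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4321] open("/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4321] open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4321] stat64("/etc/localtime", 0xbfe4a1c0) = -1 ENOENT (No such file or directory)
[pid  4321] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
EOF
}

# Read strace output on stdin; print each path a file-lookup syscall failed
# to find (ENOENT), once, in first-seen order.
missing_in_chroot() {
    awk '
    / = -1 ENOENT / {
        line = $0
        sub(/^\[pid +[0-9]+\] +/, "", line)   # prefix added by strace -f
        # Only path lookups; skips e.g. connect() to an absent nscd socket.
        if (line !~ /^(open|openat|stat|stat64|lstat|lstat64|access|execve)\(/) next
        if (match(line, /"[^"]*"/)) {
            path = substr(line, RSTART + 1, RLENGTH - 2)
            if (!(path in seen)) { seen[path] = 1; print path }
        }
    }'
}

# Filter paths on stdin down to those still absent under the chroot dir $1
# (useful when re-reading an old trace after copying some files in).
still_missing() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Usage: strace -f chroot "$CHROOTDIR" bin/syslog-ng 2>&1 | missing_in_chroot
if [ "${1:-}" = "--demo" ]; then sample_trace | missing_in_chroot; fi
```

Not every ENOENT is a problem: the dynamic loader and NSS probe several candidate paths, so treat the output as a list to review rather than a list to copy wholesale into the jail.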