I am running FreeBSD 6.0-RELEASE. I have syslog-ng running on the host system and have specified in the config that it should create a log socket within the jail (an actual FreeBSD jail(), not a plain chroot):
unix-dgram("/usr/jail/hosts/ssh/root/var/run/log" owner("syslogng") group("syslogng") perm(0600));
The socket is created successfully, I receive no errors but I also receive no logs from processes running in the jail. Do I also need a syslog-ng process running inside the jail?
No, but you do need to configure your syslog-ng process to read from "/usr/jail/hosts/ssh/root/var/run/log".
Sorry, should have given a bit more detail there really. My config looks like this:

---
# $Id: syslog-ng.conf,v 1.3 2005/11/25 11:24:02 mzero Exp $
# CUSTOM
# shell config

options {
    owner("syslogng");
    group("syslogng");
    dir_owner("syslogng");
    dir_group("syslogng");
    dir_perm(0750);
    perm(0640);
    sync(0);
    stats(1200);
    create_dirs(yes);
    keep_hostname(yes);
    chain_hostnames(no);
    use_time_recvd(yes);
    time_reopen(3);
    use_dns(no);
};

#----------------------------------------------------------------------

source log_main {
    unix-dgram("/var/run/log" owner("syslogng") group("syslogng") perm(0600));
    unix-dgram("/var/spool/postfix/dev/log" owner("syslogng") group("syslogng") perm(0600));
    unix-dgram("/usr/jail/hosts/ssh/root/var/run/log" owner("syslogng") group("syslogng") perm(0600));
    unix-dgram("/usr/jail/hosts/comms/root/var/run/log" owner("syslogng") group("syslogng") perm(0600));
};

source log_internal {
    internal();
};

#----------------------------------------------------------------------
# chrooted, relative paths

destination local_main {
    file("/local/$YEAR/$MONTH/$DAY-main.log");
};

destination local_internal {
    file("/local/$YEAR/$MONTH/$DAY-syslog.log");
};

destination tcp_stunnel {
    tcp("127.0.0.1" localip(127.0.0.1) port(10514) tcp-keep-alive(yes));
};

#----------------------------------------------------------------------

log {
    source(log_main);
    destination(local_main);
    destination(tcp_stunnel);
};

log {
    source(log_internal);
    destination(local_internal);
    destination(tcp_stunnel);
};
---

Is there some glaring omission here that I'm not aware of? The above looks to me like it should work properly.

thanks,
mark

--
pgp: http://www.darklogik.org/pub/pgp/pgp.txt
0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43
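A way to check whether a datagram written to the jail's log socket can reach a listener at all, added here as an example and not part of the thread or of syslog-ng. The function name `probe_log_socket`, the test message and the temporary listener in `demo()` are constructed for illustration; point the probe at `/usr/jail/hosts/ssh/root/var/run/log` from the host, or at `/var/run/log` from inside the jail.

```python
import os
import socket
import stat
import sys
import tempfile

def probe_log_socket(path, message="<14>probe: jail log socket test"):
    """Stat `path`, then try to deliver one syslog datagram to it; return a report."""
    report = {"path": path, "is_socket": False, "mode": None,
              "uid": None, "sent": False, "error": None}
    try:
        st = os.stat(path)
    except OSError as exc:
        report["error"] = f"stat: {exc.strerror}"  # path not visible from here
        return report
    report.update(is_socket=stat.S_ISSOCK(st.st_mode),
                  mode=oct(stat.S_IMODE(st.st_mode)), uid=st.st_uid)
    if not report["is_socket"]:
        report["error"] = "not a socket"
        return report
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.sendto(message.encode(), path)  # what syslog(3) does in the jail
        report["sent"] = True
    except OSError as exc:
        report["error"] = f"sendto: {exc.strerror}"  # stale socket or no permission
    finally:
        client.close()
    return report

def demo(stale=False):
    """Constructed stand-in for the syslog-ng source: bind a 0600 datagram socket."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "log")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    listener.bind(path)
    os.chmod(path, 0o600)  # same perm() as in the posted config
    listener.settimeout(2)
    if stale:
        listener.close()  # socket file stays behind, nobody is reading it
    try:
        report = probe_log_socket(path)
        data = listener.recv(1024) if report["sent"] else b""
    finally:
        listener.close()
        os.unlink(path)
        os.rmdir(tmp)
    return report, data

if __name__ == "__main__":
    print(probe_log_socket(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

If the probe reports `sent: True` but nothing shows up in the log file, the datagram reached a listener and the remaining question is what happens to it after the source.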