On Tue, Jan 18, 2005 at 10:18:44AM -0600, Michael D. (Mick) Bauer wrote: [..]
It worked for me through what I hope was thorough testing, but if I've gotten anything wrong, please let me know -- I've got an Errata website. [..]
One minor thing to consider: If you use logrotate/newsyslog to rotate logfiles things will break if you read from 514/udp/tcp or any other privilleged sources (like /proc/kmsg on Linux) and send SIGHUP to syslog-ng to restart logfiles. Those resources are no longer available once you dropped privilleges and went to jail. Ad hoc solution: - Take syslog-ng out of log rotation. - expand logfile names with $YEAR-$MONTH-$DAY variables - use find in a cron job to compress/remove logfiles - avoid kill -HUP, restart syslog-ng when your config changes -- Wolfgang Braun, Dipl.-Inform. (FH) <wolfgang.braun@gmx.de> gpg-key: 1024D/4B32CE55 gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55