Here is the output that I get from running "strace":

execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 22 vars */]) = 0
brk(0)                                  = 0x8814000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=41643, ...}) = 0
mmap2(NULL, 41643, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f70000
close(3)                                = 0
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\10\215\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=44060, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6f000
mmap2(0x8cf000, 33324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8cf000
mmap2(0x8d6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x8d6000
close(3)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \361\335\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=101404, ...}) = 0
mmap2(0xddc000, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xddc000
mmap2(0xdef000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xdef000
mmap2(0xdf1000, 6088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xdf1000
close(3)                                = 0
open("/lib/libglib-2.0.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`m\216\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=644472, ...}) = 0
mmap2(0x8da000, 646636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8da000
mmap2(0x977000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9c) = 0x977000
close(3)                                = 0
open("/usr/lib/libevtlog.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\17\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=12044, ...}) = 0
mmap2(NULL, 14988, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb2b000
mmap2(0xb2e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb2e000
close(3)                                = 0
open("/lib/libwrap.so.0", O_RDONLY)     = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300=\207\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32824, ...}) = 0
mmap2(0x872000, 32188, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x872000
mmap2(0x879000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x879000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\37t\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1606808, ...}) = 0
mmap2(0x72c000, 1324452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x72c000
mmap2(0x86a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0x86a000
mmap2(0x86d000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x86d000
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000X\212\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=125612, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000
mmap2(0x8a1000, 90592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8a1000
mmap2(0x8b4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0x8b4000
mmap2(0x8b6000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8b6000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6d000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f6d6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x8b4000, 4096, PROT_READ)     = 0
mprotect(0x86a000, 8192, PROT_READ)     = 0
mprotect(0xdef000, 4096, PROT_READ)     = 0
mprotect(0x8d6000, 4096, PROT_READ)     = 0
mprotect(0x723000, 4096, PROT_READ)     = 0
munmap(0xb7f70000, 41643)               = 0
set_tid_address(0xb7f6d708)             = 16916
set_robust_list(0xb7f6d710, 0xc)        = 0
futex(0xbfb87584, FUTEX_WAKE_PRIVATE, 1) = 0
rt_sigaction(SIGRTMIN, {0x8a53d0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x8a52e0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="L0982iappv0100.ius.meijer.com", ...}) = 0
brk(0)                                  = 0x8814000
brk(0x8835000)                          = 0x8835000
gettimeofday({1248172733, 541317}, NULL) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TIOCNOTTY)                     = 0
setsid()                                = 16916
setrlimit(RLIMIT_NOFILE, {rlim_cur=4*1024, rlim_max=4*1024}) = 0
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f6d708) = 16917
close(4)                                = 0
read(3, "0\n", 6)                       = 2
close(3)                                = 0
exit_group(0)                           = ?


On Tue, Jul 21, 2009 at 5:04 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Sun, 2009-07-19 at 12:10 -0400, Scott Ware wrote:
> I have SELinux disabled, and I am running it as root.
>

then please run strace on the syslog-ng process to see why it gets
permission denied problems.


> On Thu, Jul 16, 2009 at 6:13 PM, Balazs Scheidler <bazsi@balabit.hu>
> wrote:
>
>         On Tue, 2009-07-14 at 08:30 -0400, Scott Ware wrote:
>         > So, I complied Syslog-ng with the --enable-spoof-source
>         option, and
>         > everything installed fine. However, when I have the
>         spoof_source(yes)
>         > option in the config file, nothing gets re-directed to my
>         logging
>         > destination.
>         >
>         > If I take the option out, everything gets re-directed. Can
>         you
>         > possible help me? Thanks!
>
>
>         hmm.. does syslog-ng have the necessary permissions. SELinux
>         comes to my
>         mind.

>
--
Bazsi


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html