Hi,

 

Yesterday I upgraded syslog-ng on our central log server from 2.0.5  to 3.0.4 . The OS is solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:

/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -u syslogng -g syslogng -p /etc/syslog-ng/syslog-ng.pid

 

After the upgrade I get the following error using the same command:

Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Permission denied (13)'

Error initializing source driver; source='gateway', id='gateway#0'

Error initializing message pipeline;

 

If I remove the -u and -g arguments the daemon runs without  issues. Same physical server, OS, and user account prior to the upgrade. I tried the verbose and debug arguments, when starting syslog-ng, but only get the above error. The syslog.conf file is posted below.

 

 I compiled from source using the following options:

./configure --enable-debug --disable-ipv6 --enable-dynamic-linking --enable-pcre --enable-ssl --disable-glibtest --disable-tcp-wrapper

 

Thanks,

Jeff

 

*******************************

/usr/local/sbin/syslog-ng --version

*******************************

Compile-Date: Aug 13 2009 16:25:43

Enable-Threads: off

Enable-Debug: on

Enable-GProf: off

Enable-Memtrace: off

Enable-Sun-STREAMS: on

Enable-Sun-Door: on

Enable-IPv6: off

Enable-Spoof-Source: off

Enable-TCP-Wrapper: off

Enable-SSL: on

Enable-SQL: off

Enable-Linux-Caps: off

Enable-Pcre: on

 

*****************************

syslog-ng.conf

*****************************

@version:3.0

#

#

options {

        use_dns(persist_only);

        dns_cache_hosts(/etc/hosts);

        keep_hostname(yes);

        check_hostname(yes);

        #normalize_hostnames(yes);

        stats_freq(3600);

        log_fifo_size(2000);

        flush_lines(5);

        bad_hostname(Corrupt);

        bad_hostname(disk);

        bad_hostname(drive);

};

 

# local for messages coming in locally

source local {

        sun-streams("/dev/log" door("/etc/.syslog_door"));

        internal();

};

 

# Gateway for UDP Syslog messages.  This is the default

source gateway {

        udp(ip("0.0.0.0")

        port(514));

};

 

template default_template {

        template("$DATE $HOST $PROGRAM[$PID]: $MESSAGE\n");

        template_escape(no);

};

 

# Where to write the incoming log files to.

 

destination hosts {

        file("/opt/log/clients/new_clients/$HOST/$YEAR-$MONTH-$DAY.$FACILITY"

        owner(syslogng) group(syslogng) perm(0644) dir_perm(0755)

        dir_group(syslogng) dir_owner(syslogng) create_dirs(yes)

        template (default_template));

};

 

destination backuphost1 {

        tcp("xxx.xxx.xxx.xxx" port(1468));

};

 

destination backuphost2 {

       udp("xxx.xxx.xxx.xxx " port(514));

};

 

filter Windows_filter {

        program(MSWinEventLog) and

        match("Name: Installer" value("$MESSAGE") flags("ignore-case")) or

        match("Name: MGLdap" value("$MESSAGE") flags("ignore-case")) or

        match("Special privileges assigned to new logon" value("$MESSAGE")) or

        match("Authentication Ticket Request" value("$MESSAGE")) or

        match("Process: Kerberos" value("$MESSAGE"));

};

 

filter RSS_filter {

        match("Bad protocol version" value("$MESSAGE")) or

        match("Did not receive identification string" value("$MESSAGE")) or

        facility(user);

};

 

log {

        source(gateway);

        filter(Windows_filter);

        flags(final);

};

 

log {

        source(gateway);

        filter(RSS_filter);

        flags(final);

};

 

log {

        source(gateway);

        destination(hosts); destination(backuphost1);

};

 

log {

        source(local);

        destination(hosts); destination(backuphost1); destination(backuphost2);

};