I Matt and Bazsi, as Bazsi said, the problem is less one of syslog-ng but one of permissions in the kernel. Access to /proc/kmsg is not only governed by file permissions but also by process capabilities. In this case reading from /proc/kmsg causes internal system calls that are only accessible to the superuser. There have been several kernel patches proposed ([1], [2], to give just a few examples). Kernel developers have already extensively discussed the topic [3]. The only practical solution I know of is the one implemented by Ubuntu in their klogd init script. They are using a daemonized dd process running as root that forwards messages from /proc/kmsg to the log process: kmsgpipe=/var/run/klogd/kmsg ... # create klog-writeable pid and fifo directory mkdir -p /var/run/klogd chown klog:klog /var/run/klogd mkfifo -m 700 $kmsgpipe chown klog:klog $kmsgpipe # shovel /proc/kmsg to pipe readable by klogd user start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe # start klogd as non-root with reading from kmsgpipe start-stop-daemon --start --quiet --chuid klog --exec $binpath -- $KLOGD I think that this exact solution can be easily ported to syslog-ng. Florian [1] http://lkml.indiana.edu/hypermail/linux/kernel/9806.3/0896.html [2] http://lkml.indiana.edu/hypermail/linux/kernel/9811.1/0073.html [3] http://readlist.com/lists/vger.kernel.org/linux-kernel/55/276838.html