I am new to this list and new to syslog-ng so please forgive me if this question has been asked before. I looked through the archive but didn't come across anything that helped me.
I have syslog-ng working on my FC3 box with SELinux set at its highest setting (wow that was fun!) but it logs the IP address of the remote host instead of the hostname. I can't seem to get it to log anything different than the IP address of the box sending the log. Here is my options in syslog-ng.conf:
options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); };
what am I doing wrong?
Regards,
The Speedster
On Wed, 25 May 2005 15:26:59 -0000, Speedy Sweedy said:
> I am new to this list and new to syslog-ng so please forgive me if this question has been asked before. I looked through the archive but didn't come across anything that helped me.
> I have syslog-ng working on my FC3 box with SELinux set at its highest setting (wow that was fun!) but it logs the IP address of the remote host instead of the hostname. I can't seem to get it to log anything different than the IP address of the box sending the log. Here is my options in syslog-ng.conf:
> options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); };
> what am I doing wrong?
Most likely, you have a borked syslog-ng.te that doesn't allow the syslog-ng process to read /etc/nsswitch.conf or similar, breaking DNS lookups. Grep through your logs and find any avc entries that reference syslog-ng. (And BTW - FC4 is about to escape, I'd *strongly* recommend upgrading to it if you're doing any SELinux work - the policy definitions have been worked on a *lot*. If you can't upgrade, at least get the updated SELinux RPMs (they should work OK on the FC3 kernel)).
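The check suggested in the reply above, as an added example that is not part of the original thread: a shell function that pulls the AVC denials mentioning syslog-ng out of a log and groups them by permission, object class, target name and target context. The sample log lines (host name, PIDs, paths and SELinux types) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials that reference syslog-ng.
# Constructed sample input; real input would be /var/log/messages or the audit log.
sample_log() {
cat <<'EOF'
May 25 11:20:01 loghost kernel: audit(1117034401.512:0): avc:  denied  { read } for  pid=2101 exe=/sbin/syslog-ng name=nsswitch.conf dev=hda2 ino=98211 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:etc_t tclass=file
May 25 11:20:07 loghost kernel: audit(1117034407.031:0): avc:  denied  { read } for  pid=2101 exe=/sbin/syslog-ng name=nsswitch.conf dev=hda2 ino=98211 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:etc_t tclass=file
May 25 11:20:07 loghost kernel: audit(1117034407.044:0): avc:  denied  { read getattr } for  pid=2101 exe=/sbin/syslog-ng name=resolv.conf dev=hda2 ino=98305 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:net_conf_t tclass=file
May 25 11:21:15 loghost kernel: audit(1117034475.900:0): avc:  denied  { write } for  pid=3310 exe=/usr/sbin/httpd name=upload dev=hda2 ino=4411 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:tmp_t tclass=dir
May 25 11:30:00 loghost syslog-ng[2101]: STATS: dropped 0
EOF
}

# Reads log text on stdin and prints one line per distinct denial:
#   <count> <perms> <tclass> <name> <tcontext>
avc_summary() {
    grep 'avc:' | grep 'denied' | grep 'syslog-ng' |
    awk '
    {
        perms = ""; name = "-"; tclass = "-"; tcontext = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # permissions are the words between "{" and "}"
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = (perms == "" ? "" : perms ",") $j
            } else if ($i ~ /^name=/) {
                name = substr($i, 6); gsub(/"/, "", name)
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            } else if ($i ~ /^tcontext=/) {
                tcontext = substr($i, 10)
            }
        }
        seen[perms " " tclass " " name " " tcontext]++
    }
    END { for (k in seen) print seen[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_log | avc_summary
```

Each output line names a file or object the policy stopped the daemon from touching, which is the evidence needed to tell a policy problem apart from a configuration problem.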
> Most likely, you have a borked syslog-ng.te that doesn't allow the syslog-ng process to read /etc/nsswitch.conf or similar, breaking DNS lookups.
I used an RPM to install syslog-ng - could I get away with downloading the source, compile it and replace the syslog-ng bin?
> Grep through your logs and find any avc entries that reference syslog-ng.
> (And BTW - FC4 is about to escape, I'd *strongly* recommend upgrading to it if you're doing any SELinux work - the policy definitions have been worked on a *lot*. If you can't upgrade, at least get the updated SELinux RPMs (they should work OK on the FC3 kernel)).
Yeah, I've read about FC4 being much better for syslog-ng. I'm about ready to start over using the FC4 test3 iso's but didn't know what happens once fc4 is released as far as installing the new released version.
On Wed, 25 May 2005 17:34:16 -0000, Speedy Sweedy said:
> I used an RPM to install syslog-ng - could I get away with downloading the source, compile it and replace the syslog-ng bin?
Probably wouldn't make a difference - the policy is in the selinux-policy-* RPMs. Having an RPM ship its own policy is an open research problem at the moment.
> Yeah, I've read about FC4 being much better for syslog-ng. I'm about ready to start over using the FC4 test3 iso's but didn't know what happens once fc4 is released as far as installing the new released version.
FC4-test3 and the final FC4 will be close enough that you should be able to just 'yum update' or 'up2date' the system to FC4-final.
> (And BTW - FC4 is about to escape, I'd *strongly* recommend upgrading to it if you're doing any SELinux work - the policy definitions have been worked on a *lot*. If you can't upgrade, at least get the updated SELinux RPMs (they should work OK on the FC3 kernel)).
> Yeah, I've read about FC4 being much better for syslog-ng. I'm about ready to start over using the FC4 test3 iso's but didn't know what happens once fc4 is released as far as installing the new released version.
FYI: The use_syslogng SELinux boolean (see [1]) has been dropped from the FC4 targeted policy leaving all the syslog-ng rules enabled by default. This change is also expected to be backported to FC3 and RHEL4.
jpo
References:
[1] [syslog-ng]FYI: Fedora Core 3, syslog-ng, and SELinux
    https://lists.balabit.hu/pipermail/syslog-ng/2005-April/007347.html
--
José Pedro Oliveira
* mailto: jpo@di.uminho.pt * http://gsd.di.uminho.pt/~jpo *
* gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *
participants (3)
- José Pedro Oliveira
- Speedy Sweedy
- Valdis.Kletnieks@vt.edu