Multiple woes with sles10sp1 / syslog-ng-1.6.8-20.18
# syslog-ng -d -f /etc/syslog-ng/syslog-ng.conf
[snip]
Cannot open file /export/syslog/10.10.0.2102007/08/21/messages for writing (Permission denied)

# ls -ald /export/ ; ls -ald /export/syslog/
drwxr-xr-x 5 root root 4096 Aug 21 10:16 /export/
drwxrwsr-x 2 root root 4096 Aug 21 09:41 /export/syslog/

# fgrep "\$HOST" /etc/syslog-ng/syslog-ng.conf |fgrep messages
destination localmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/localmessages"); };
destination messages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/messages"); };
#destination allmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/allmessages"); };

So...it would appear that:
1) macro expansion is not working ? (I can hand hack-in an extra "/" to force that path to look correct)
2) syslog-ng cannot write to its output dir (regardless if I hack in that extra "/")

Ideas ?

# uname -a
Linux auth 2.6.16.46-0.14-default #1 Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux

# rpm -qa |fgrep -i syslog
syslog-ng-1.6.8-20.18

---------------------------------------
Robin P. Blanchard
Systems Integration Specialist
The University of Georgia
Center for Continuing Education
Conference Center & Hotel
fon: 706.542.2404 < > fax: 706.542.1587
---------------------------------------
On 8/21/07, Robin P. Blanchard <robin.blanchard@georgiacenter.uga.edu> wrote:
# syslog-ng -d -f /etc/syslog-ng/syslog-ng.conf
[snip]
Cannot open file /export/syslog/10.10.0.2102007/08/21/messages for writing (Permission denied)
# ls -ald /export/ ; ls -ald /export/syslog/
drwxr-xr-x 5 root root 4096 Aug 21 10:16 /export/
drwxrwsr-x 2 root root 4096 Aug 21 09:41 /export/syslog/
# fgrep "\$HOST" /etc/syslog-ng/syslog-ng.conf |fgrep messages
destination localmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/localmessages"); };
destination messages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/messages"); };
#destination allmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/allmessages"); };
So...it would appear that:
1) macro expansion is not working ? (I can hand hack-in an extra "/" to force that path to look correct)
2) syslog-ng cannot write to its output dir (regardless if I hack in that extra "/")
Ideas ?
just one .... did you set 'create_dirs (yes);' in your global options? ... hmm ... but if not I would expect another error message.
Regards, Andreas
# uname -a
Linux auth 2.6.16.46-0.14-default #1 Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux
# rpm -qa |fgrep -i syslog
syslog-ng-1.6.8-20.18
---------------------------------------
Robin P. Blanchard
Systems Integration Specialist
The University of Georgia
Center for Continuing Education
Conference Center & Hotel
fon: 706.542.2404 < > fax: 706.542.1587
---------------------------------------
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Both problems solved by removing apparmor related kernel modules...
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Andreas Kurz
Sent: Tuesday, August 21, 2007 10:45 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Multiple woes with sles10sp1 / syslog-ng-1.6.8-20.18
On 8/21/07, Robin P. Blanchard <robin.blanchard@georgiacenter.uga.edu> wrote:
# syslog-ng -d -f /etc/syslog-ng/syslog-ng.conf
[snip]
Cannot open file /export/syslog/10.10.0.2102007/08/21/messages for writing (Permission denied)
# ls -ald /export/ ; ls -ald /export/syslog/
drwxr-xr-x 5 root root 4096 Aug 21 10:16 /export/
drwxrwsr-x 2 root root 4096 Aug 21 09:41 /export/syslog/
# fgrep "\$HOST" /etc/syslog-ng/syslog-ng.conf |fgrep messages
destination localmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/localmessages"); };
destination messages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/messages"); };
#destination allmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/allmessages"); };
So...it would appear that:
1) macro expansion is not working ? (I can hand hack-in an extra "/" to force that path to look correct)
2) syslog-ng cannot write to its output dir (regardless if I hack in that extra "/")
Ideas ?
just one .... did you set 'create_dirs (yes);' in your global options? ... hmm ... but if not I would expect another error message.
Regards, Andreas
# uname -a
Linux auth 2.6.16.46-0.14-default #1 Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux
# rpm -qa |fgrep -i syslog
syslog-ng-1.6.8-20.18
On Tue, 2007-08-21 at 10:26 -0400, Robin P. Blanchard wrote:
# syslog-ng -d -f /etc/syslog-ng/syslog-ng.conf
[snip]
Cannot open file /export/syslog/10.10.0.2102007/08/21/messages for writing (Permission denied)
# ls -ald /export/ ; ls -ald /export/syslog/
drwxr-xr-x 5 root root 4096 Aug 21 10:16 /export/
drwxrwsr-x 2 root root 4096 Aug 21 09:41 /export/syslog/
# fgrep "\$HOST" /etc/syslog-ng/syslog-ng.conf |fgrep messages
destination localmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/localmessages"); };
destination messages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/messages"); };
#destination allmessages { file("/export/syslog/$HOST/$YEAR/$MONTH/$DAY/allmessages"); };
So...it would appear that:
1) macro expansion is not working ? (I can hand hack-in an extra "/" to force that path to look correct)
I don't see how that '0' could replace the '/' that was originally intended in your template. I've checked the NEWS files, but there are no template expansion specific bugs that could be related to this. I don't know whether SLES contains syslog-ng patches though. Can you check what patches are applied by SUSE?
2) syslog-ng cannot write to its output dir (regardless if I hack in that extra "/")
Is syslog-ng running as root? Is there something like SELinux/AppArmor that could prevent syslog-ng from writing to that directory?
--
Bazsi
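
The two questions above (does the caller have write permission, is a MAC layer such as AppArmor in the way) can be checked from the directory modes and the audit log. The sketch below is an added example, not part of the thread. It assumes AppArmor's key=value audit format (other releases may log differently) and a profile named /sbin/syslog-ng, and its log lines are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: AppArmor's key=value
# audit format and a profile named /sbin/syslog-ng.

# sample_log BASE: constructed log lines; denials sit beneath BASE.
sample_log() {
cat <<EOF
Aug 21 10:26:01 auth kernel: audit: type=1400 audit(1187706361.101:41): apparmor="DENIED" operation="mknod" profile="/sbin/syslog-ng" name="$1/192.0.2.10/2007/08/21/messages" pid=2211 comm="syslog-ng" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Aug 21 10:26:02 auth kernel: audit: type=1400 audit(1187706362.207:42): apparmor="DENIED" operation="mknod" profile="/sbin/syslog-ng" name="$1/192.0.2.10/2007/08/21/messages" pid=2211 comm="syslog-ng" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Aug 21 10:26:03 auth kernel: audit: type=1400 audit(1187706363.311:43): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.drift" pid=1900 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=74 ouid=0
Aug 21 10:26:04 auth kernel: eth0: link up
EOF
}

# apparmor_denials PROFILE: read log text on stdin and print one
# "mask path" line per distinct denial logged for PROFILE.
apparmor_denials() {
    grep 'apparmor="DENIED"' | grep -F "profile=\"$1\"" |
        sed -n 's/.*name="\([^"]*\)".*denied_mask="\([^"]*\)".*/\2 \1/p' |
        sort -u
}

# classify_failure DIR PROFILE: read log text on stdin and print
#   dac     - the caller has no write permission on DIR (file modes)
#   mac     - DIR is writable, but AppArmor denied a path beneath it
#   unknown - neither check explains the failure
classify_failure() {
    if [ ! -w "$1" ]; then
        echo dac
    elif apparmor_denials "$2" | grep -qF " $1/"; then
        echo mac
    else
        echo unknown
    fi
}

# Demo on the constructed lines, using the thread's log directory.
sample_log /export/syslog | apparmor_denials /sbin/syslog-ng
```

Where the result is mac, granting the path in the daemon's profile keeps confinement in place, unlike unloading the AppArmor modules.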
participants (3)
- Andreas Kurz
- Balazs Scheidler
- Robin P. Blanchard