Re: [syslog-ng] Collecting logs from a chrooted appli
Hi,
Well, /dev/log shouldn't be a directory. It should be a socket which programs could use by calling openlog/sendlog libc functions. syslog-ng will create the socket for you, you shouldn't do it yourself.
I setup syslog-ng.conf with this setings to let create the stream: source src_chroot_appli { unix-stream("/var/appli/dev/log"); }; It works and create the socket. then i config the application log stream path to /dev/log (as the application is chrooted, the root directory is already /var/appli, so logging to /dev/log is ok ) then the configuration to log it in the appli.log file in the /var/log/ outside the chroot : destination appli_log { file("/var/log/appli.log"); }; then log { source(src_chroot_appli); destination(appli_log); }; But nothing is created in the /var/log directory (outside chroot). Btw: syslog-ng version is 1.6.9 Best regards, S.Gautch _________________________________________________________________ Caroline vient de mettre à jour son profil Messenger ! Connectez-vous ! http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1198837564&rver=4....
Hi,
I setup syslog-ng.conf with this setings to let create the stream:
source src_chroot_appli { unix-stream("/var/appli/dev/log"); };
It works and create the socket.
then i config the application log stream path to /dev/log (as the application is chrooted, the root directory is already /var/appli, so logging to /dev/log is ok )
then the configuration to log it in the appli.log file in the /var/log/ outside the chroot :
destination appli_log { file("/var/log/appli.log"); };
then
log { source(src_chroot_appli); destination(appli_log); };
But nothing is created in the /var/log directory (outside chroot).
Btw: syslog-ng version is 1.6.9
Could you trace the application? It would be really good to see how does it try to log. The best would be to start it under strace. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Well in fact the application create a file to log into, not a stream, can syslog-ng get a file in a chroot for a source, seams to work only with stream that are in a chroot. And yes, i strace the application and notice that the application just create a file, not stream log. any chance of getting syslog-ng take this file for source ? (as for now, it doesn't take a chroot file).
From: Sandor.Geller@morganstanley.com To: syslog-ng@lists.balabit.hu Date: Fri, 6 Jun 2008 09:07:42 +0100 Subject: Re: [syslog-ng] Collecting logs from a chrooted appli
Hi,
I setup syslog-ng.conf with this setings to let create the stream:
source src_chroot_appli { unix-stream("/var/appli/dev/log"); };
It works and create the socket.
then i config the application log stream path to /dev/log (as the application is chrooted, the root directory is already /var/appli, so logging to /dev/log is ok )
then the configuration to log it in the appli.log file in the /var/log/ outside the chroot :
destination appli_log { file("/var/log/appli.log"); };
then
log { source(src_chroot_appli); destination(appli_log); };
But nothing is created in the /var/log directory (outside chroot).
Btw: syslog-ng version is 1.6.9
Could you trace the application? It would be really good to see how does it try to log. The best would be to start it under strace.
Regards,
Sandor --------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
_________________________________________________________________ Votre contact a choisi Hotmail, l'e-mail ultra sécurisé. Créez un compte gratuitement ! http://www.windowslive.fr/hotmail/default.asp
Hi,
Well in fact the application create a file to log into, not a stream, can syslog-ng get a file in a chroot for a source, seams to work only with stream that are in a chroot.
It doesn't matter whether the file is in the chroot or not as syslog-ng shouldn't know anything about the chroot. I'm not sure but you should use the 2.0 line of syslog-ng, see the follow_freq() option - it might help in cases where the file isn't in place during syslog-ng startup. BTW does you application append to its logfile or it creates a new file when it starts? Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
The application append to the log file> I'm not sure but you should use the 2.0 line of syslog-ng, see> the follow_freq() option - it might help in cases where the> file isn't in place during syslog-ng startup.> > BTW does you application append to its logfile or it creates a> new file when it starts? _________________________________________________________________ Caroline vient de mettre à jour son profil Messenger ! Connectez-vous ! http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1198837564&rver=4....
participants (2)
-
Gault Stephane
-
Geller, Sandor (IT)