Hi all, I hope if someone can help me with this. I'm researching syslog-ng and colllecting as much info as posiible bout it. I want to know which does perform better when working with syslog-ng: IPsec or Stunnel? Please note that I use Solaris 8 and 9 worksations. Thanks a lot. Best Regards, Mounib -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Heigl Florian - Munich-MR - external Sent: Friday, January 27, 2006 11:43 AM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] chroot or configuration issue when directories getcreated as 'root'? Hi list, I'm stumbling over what is hopefully just a configuration issue... syslog-ng 'seems' to drop privileges and run as user syslogng, but creates new directories as root and will fail to write new logfiles inside them. I'm afraid this is related to still having port 514 open... Funny thing: The files in those directories will use the specified permissions :) I was starting syslog-ng with the following parameters: /opt/syslog-ng/sbin/syslog-ng --pidfile=/var/run/syslog-ng.pid --chroot=/var/opt/syslog-ng --user=syslogng --group=syslogng # Log file options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (yes); use_fqdn (yes); create_dirs (yes); # leave this to 'no', see http://www.campin.net/syslog-ng/faq.html#bad_filenames keep_hostname (no); }; # Source - only listen on UDP, don't read /dev/log source s_udp { udp(); }; # [ I cut filters section out ] # testing external input now destination logip { file("/logs/remote/$HOST_FROM/$YEAR$MONTH/$FACILITY$YEAR$MONTH$DAY" owner(syslogng) group(syslogng) perm(0600) dir_perm(0700) create_dirs(yes) template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE\n") ); }; log { source(s_udp); destination(logip); }; # EOF Currently I'm running it as root and am thinking about using a portforward 514->10514 so I don't require any root privileges. Alternatively I could try out Balabit's restrict, which seems to be better at dropping root privileges, but unfortunately I have no clue how it works, and am not sure if it will work on HP-UX :) Can You try to make me understand where the problem is hiding? Configuration? Port Number? Bug? User? Thanks a lot of Your time! Florian -- I'll save You the signature :) _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html