[syslog-ng] Re: syslog-ng Digest, Vol 4, Issue 5

Arnold Wang arnold.wang at inovis.com
Wed Aug 3 19:31:21 CEST 2005


Thanks for your help, Valdis. I ran the strace and found the missing
library files. My current $CHROOTDIR looks like this:
./
./lib
./lib/libnss_dns.so.2
./etc
./etc/ld.so.cache
./etc/resolv.conf
./etc/localtime
./etc/host.conf
./etc/hosts
./etc/syslog-ng
./etc/syslog-ng/syslog-ng.conf
./etc/nsswitch.conf
./dev
./dev/zero
./dev/null
./var
./var/log
./var/log/syslogng.log
./var/log/HOSTS
I guess I'll need more files once I start logging to MySQL; however, it
should be an easy task now with the help of strace and the kind people of
this list, I hope.

On Wed, 2005-08-03 at 12:00 +0200, syslog-ng-request at lists.balabit.hu
wrote:

> On Tue, 02 Aug 2005 15:28:01 PDT, Arnold Wang said:
> 
> > I'm running syslog-ng in chroot mode, followed the instructions in
> > http://www.campin.net/syslog-ng/chroot-jail.html. I also enabled DNS
> > lookup so I can show the Cisco routers in their friendly names instead
> > of IPs. The DNS lookup works fine until I enabled chroot mode. I copied
> > "nsswitch.conf" and "resolv.conf" files into $CHROOTDIR/etc as well,
> > just in case.
> 
> You'll also need any shared libs your syslog-ng binary needs (use ldd to find them),
> and probably stuff in $CHROOT/dev as well (dev/null and dev/zero come to mind).
> 
> I'm probably missing something here - 'strace -f chroot $CHROOT bin/syslog-ng' will
> show you if you're missing anything else...
> 
> > BTW, the host is RHEL4 and I set SELinux to "permissive".
> 
> 'permissive' will probably throw a whole lot of AVC messages unless you label
> the contexts for the files in the chroot tree (fortunately, there's hopefully
> not a lot, so hand-labelling is probably feasible).  Sorry, the inability to
> use 'restorecon' to label a chroot tree is a known deficiency in the current
> tools...
> 
> Fortunately, in permissive mode, each avc message is only printed once, so you'll
> get spammed with a bunch of messages at startup (and probably one/two more logmsgs
> for each logfile it opens).
> 
> > Will my configuration work? If so, what should I check? Thanks in
> > advance for help.
> 
> Shared libs.. /dev entries. The strace command I gave should help find
> other stuff that's missing.  Good luck. ;)
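
An added example, not part of the original thread: one way to apply the strace approach discussed above is to filter the trace for file lookups that failed with ENOENT, since inside a chroot those are the candidates to copy into $CHROOTDIR. The function names missing_in_chroot and sample_trace are hypothetical, and the sample trace lines are constructed rather than captured from a real run.

```shell
#!/bin/sh
# Added example: list paths a chrooted process looked up and did not find.
# Real use (strace command from the thread, trace written to a file):
#   strace -f -o /tmp/trace.txt chroot $CHROOT bin/syslog-ng
#   missing_in_chroot < /tmp/trace.txt

# Reads strace output on stdin and prints each distinct path whose
# open/openat/access/stat call returned ENOENT, in first-seen order.
missing_in_chroot() {
    awk '
        /ENOENT/ && /^([0-9]+ +)?(open|openat|access|stat|stat64|lstat)\(/ {
            # the path is the first double-quoted argument
            if (match($0, /"[^"]*"/)) {
                p = substr($0, RSTART + 1, RLENGTH - 2)
                if (!(p in seen)) { seen[p] = 1; print p }
            }
        }'
}

# Constructed sample trace (illustrative, not from a real run).
sample_trace() {
    cat <<'EOF'
1234  open("/etc/ld.so.cache", O_RDONLY) = 3
1234  open("/etc/nsswitch.conf", O_RDONLY) = 3
1234  open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  open("/etc/host.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, ...}) = 0
1234  open("/etc/hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

sample_trace | missing_in_chroot
```

Not every ENOENT is a problem: the dynamic loader and NSS probe several locations and fall back, so treat the output as a checklist to review rather than a list to copy blindly.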

