[syslog-ng]FAQ-seeding: chroot jail procedure for Syslog-ng
Wolfgang Braun
syslog-ng@lists.balabit.hu
Sun, 23 Jan 2005 22:03:57 +0100
On Tue, Jan 18, 2005 at 10:18:44AM -0600, Michael D. (Mick) Bauer wrote:
[..]
> It worked for me through what I hope was thorough testing, but if I've
> gotten anything wrong, please let me know -- I've got an Errata
> website.
[..]
One minor thing to consider:
If you use logrotate/newsyslog to rotate logfiles, things will break if
you read from 514/udp/tcp or any other privileged sources (like
/proc/kmsg on Linux) and send SIGHUP to syslog-ng to restart logfiles.
Those resources are no longer available once you dropped privileges and
went to jail.
Ad hoc solution:
- Take syslog-ng out of log rotation.
- expand logfile names with $YEAR-$MONTH-$DAY variables
- use find in a cron job to compress/remove logfiles
- avoid kill -HUP, restart syslog-ng when your config changes
--
Wolfgang Braun, Dipl.-Inform. (FH)
<wolfgang.braun@gmx.de>
gpg-key: 1024D/4B32CE55
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55
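
The ad hoc solution in the message above, sketched as an added example that is not part of the original post: a cron-driven cleanup for date-stamped logfiles that never signals syslog-ng. The destination path, function name and retention values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes syslog-ng writes
# date-stamped files through a destination such as (hypothetical path):
#   destination d_msg { file("/var/log/jail/messages-$YEAR-$MONTH-$DAY"); };
# A new file then appears each day, so the chrooted, unprivileged
# syslog-ng never needs a SIGHUP to reopen its logfiles.

# prune_dated_logs DIR COMPRESS_AFTER_DAYS REMOVE_AFTER_DAYS [TODAY]
# Compresses closed daily logs and deletes compressed logs past retention.
prune_dated_logs() {
    dir=$1
    compress_after=$2
    remove_after=$3
    today=${4:-$(date +%Y-%m-%d)}
    stamp='*-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Delete compressed logs older than the retention period.
    # -type f: regular files only, symlinks are never followed or removed.
    find "$dir" -type f -name "$stamp.gz" \
        -mtime +"$remove_after" -exec rm -f -- {} +

    # Compress older daily logs. Today's file is skipped by name because
    # syslog-ng still holds it open. gzip keeps the original mtime, so the
    # retention check above continues to count from the log's own date.
    find "$dir" -type f -name "$stamp" ! -name "*-$today" \
        -mtime +"$compress_after" -exec gzip -9 -- {} +
}

# Run directly when called with arguments, e.g. from a crontab entry:
#   15 3 * * * /usr/local/sbin/prune-dated-logs.sh /var/log/jail 0 30
if [ "$#" -ge 3 ]; then
    prune_dated_logs "$@"
fi
```

Running the job as the same unprivileged account syslog-ng drops to keeps a root-owned cron job from operating inside a directory that account can write to.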