[syslog-ng] Re: syslog-ng in a freeBSD jail
markzero
syslog-ng at darklogik.org
Wed Nov 30 01:57:59 CET 2005
> >I am running FreeBSD 6.0-RELEASE. I have syslog-ng running on the
> >host system and have specified in the config that it should create
> >a log socket within the jail (an actual FreeBSD jail(), not a plain
> >chroot):
> >
> >  unix-dgram("/usr/jail/hosts/ssh/root/var/run/log"
> >      owner("syslogng")
> >      group("syslogng")
> >      perm(0600));
> >
> >The socket is created successfully, I receive no errors but I also
> >receive no logs from processes running in the jail. Do I also need
> >a syslog-ng process running inside the jail?
>
> No, but you do need to configure your syslog-ng process to read from
> "/usr/jail/hosts/ssh/root/var/run/log".
Sorry, should have given a bit more detail there really. My config
looks like this:
---
# $Id: syslog-ng.conf,v 1.3 2005/11/25 11:24:02 mzero Exp $
# CUSTOM
# shell config
options {
    owner("syslogng");
    group("syslogng");
    dir_owner("syslogng");
    dir_group("syslogng");
    dir_perm(0750);
    perm(0640);
    sync(0);
    stats(1200);
    create_dirs(yes);
    keep_hostname(yes);
    chain_hostnames(no);
    use_time_recvd(yes);
    time_reopen(3);
    use_dns(no);
};
#----------------------------------------------------------------------
source log_main {
    unix-dgram("/var/run/log"
        owner("syslogng")
        group("syslogng")
        perm(0600));
    unix-dgram("/var/spool/postfix/dev/log"
        owner("syslogng")
        group("syslogng")
        perm(0600));
    unix-dgram("/usr/jail/hosts/ssh/root/var/run/log"
        owner("syslogng")
        group("syslogng")
        perm(0600));
    unix-dgram("/usr/jail/hosts/comms/root/var/run/log"
        owner("syslogng")
        group("syslogng")
        perm(0600));
};
source log_internal {
    internal();
};
#----------------------------------------------------------------------
# chrooted, relative paths
destination local_main {
    file("/local/$YEAR/$MONTH/$DAY-main.log");
};
destination local_internal {
    file("/local/$YEAR/$MONTH/$DAY-syslog.log");
};
destination tcp_stunnel {
    tcp("127.0.0.1"
        localip(127.0.0.1)
        port(10514)
        tcp-keep-alive(yes));
};
#----------------------------------------------------------------------
log {
    source(log_main);
    destination(local_main);
    destination(tcp_stunnel);
};
log {
    source(log_internal);
    destination(local_internal);
    destination(tcp_stunnel);
};
---
Is there some glaring omission here that I'm not aware of? The above
looks to me like it should work properly.
thanks,
mark
--
pgp: http://www.darklogik.org/pub/pgp/pgp.txt
0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43
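
The following is an added example, not part of the original message and not syslog-ng code: a probe that sends one datagram to each jail socket path from the config above (as seen from the host) and reports why delivery fails when it does. The status names and the test message are made up for this example; run it as the user whose logging you want to check.

```python
import errno
import os
import socket
import stat

# Host-side socket paths copied from the config in the message above.
JAIL_SOCKETS = [
    "/usr/jail/hosts/ssh/root/var/run/log",
    "/usr/jail/hosts/comms/root/var/run/log",
]
# Constructed test line: <13> = facility user (1) * 8 + severity notice (5).
TEST_MSG = b"<13>sockprobe: constructed test message"


def probe(path, msg=TEST_MSG):
    """Send one datagram to a syslog socket and return (status, detail)."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return ("missing", "no file at this path")
    except PermissionError:
        return ("denied", "cannot search a directory on the way to the socket")
    except OSError as exc:
        return ("error", os.strerror(exc.errno))
    if not stat.S_ISSOCK(mode):
        return ("not-socket", "path exists but is not a unix socket")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.sendto(msg, path)
    except OSError as exc:
        if exc.errno in (errno.EACCES, errno.EPERM):
            return ("denied", "owner/group/perm on the socket exclude this user")
        if exc.errno == errno.ECONNREFUSED:
            return ("stale", "socket file exists but no process is bound to it")
        if exc.errno == errno.EPROTOTYPE:
            return ("wrong-type", "socket is not a datagram socket")
        return ("error", os.strerror(exc.errno))
    finally:
        sock.close()
    return ("sent", "kernel queued the datagram for the listener")


if __name__ == "__main__":
    for p in JAIL_SOCKETS:
        status, detail = probe(p)
        print(f"{status:10} {p}: {detail}")
```

Inside a jail the same socket appears at /var/run/log, so pass that path to `probe()` when running it from within the jail.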