[syslog-ng] Syslog-ng with Ipsec or with Stunnel?

Mounib Khanafer mounibkh at nortel.com
Fri Jan 27 23:07:12 CET 2006


Hi all,
I hope someone can help me with this. I'm researching syslog-ng and
collecting as much info as possible about it. I want to know which
performs better when working with syslog-ng: IPsec or Stunnel? Please
note that I use Solaris 8 and 9 workstations. Thanks a lot.

Best Regards,
Mounib

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Heigl Florian -
Munich-MR - external
Sent: Friday, January 27, 2006 11:43 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] chroot or configuration issue when directories
get created as 'root'?


Hi list,
 
I'm stumbling over what is hopefully just a configuration issue...
 
syslog-ng 'seems' to drop privileges and run as user syslogng, but
creates new directories as root and will fail to write new logfiles
inside them. I'm afraid this is related to still having port
514 open...
Funny thing: The files in those directories will use the specified
permissions :)
 
I was starting syslog-ng with the following parameters:
/opt/syslog-ng/sbin/syslog-ng --pidfile=/var/run/syslog-ng.pid \
    --chroot=/var/opt/syslog-ng --user=syslogng --group=syslogng
 
# Log file
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (yes);
          use_fqdn (yes);
          create_dirs (yes);
# leave this to 'no', see
# http://www.campin.net/syslog-ng/faq.html#bad_filenames
          keep_hostname (no);
        };
# Source - only listen on UDP, don't read /dev/log
source s_udp { udp(); };

# [ I cut filters section out ]
 
# testing external input now
destination logip {
 
        file("/logs/remote/$HOST_FROM/$YEAR$MONTH/$FACILITY$YEAR$MONTH$DAY"
        owner(syslogng) group(syslogng) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE\n")
 );
};
 
log {
        source(s_udp);
        destination(logip);
};

# EOF
 
Currently I'm running it as root and am thinking about using a
portforward 514->10514 so I don't require any root privileges.
Alternatively I could try out Balabit's restrict, which seems to be
better at dropping root privileges, but unfortunately I have no clue how
it works, and am not sure if it will work on HP-UX :)
 
Can You try to make me understand where the problem is hiding?
Configuration? Port Number? Bug? User?
 
Thanks a lot for Your time!
 
Florian
 
--
I'll save You the signature :)
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
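
A check for the symptom described in the message above, as an added example that is not part of the original post or of syslog-ng: it walks a log tree and lists every directory in which a given unprivileged uid could not create a file, judging by owner and mode bits alone (it does not model root's override or ACLs). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def can_create_in(st, uid, gids):
    """True if uid/gids may create files in the directory described by st.

    Creating a file needs write + search on exactly one permission class:
    owner if the uid matches, else group if a gid matches, else other.
    """
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need


def audit_log_tree(root, uid, gids):
    """Return sorted [(path, owner_uid, octal_mode)] for each directory under
    root where the given identity could not write a new log file."""
    blocked = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        if not can_create_in(st, uid, gids):
            blocked.append((dirpath, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return sorted(blocked)


if __name__ == "__main__":
    # Constructed sample tree shaped like <root>/$HOST_FROM/$YEAR$MONTH, with
    # every directory at mode 0700 to match dir_perm(0700) in the posted config.
    with tempfile.TemporaryDirectory() as root:
        leaf = os.path.join(root, "hostA", "200601")
        os.makedirs(leaf)
        for d in (root, os.path.dirname(leaf), leaf):
            os.chmod(d, 0o700)
        # Hypothetical stand-in for the daemon account: any uid other than the
        # one that created the directories sees them as unusable.
        daemon_uid = os.getuid() + 1
        for path, owner, mode in audit_log_tree(root, daemon_uid, set()):
            print(f"{path}: owner uid {owner}, mode {mode}: "
                  f"uid {daemon_uid} cannot create files here")
```

Run against the real tree, the uid and gid set would be those of the account given to --user and --group, and the root would be the log directory as seen from outside the chroot.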



