[syslog-ng] running as non-root doesn't get kernel log

Carlos Carvalho carlos at fisica.ufpr.br
Mon Jan 29 18:09:53 CET 2007

Balazs Scheidler (bazsi at balabit.hu) wrote on 29 January 2007 17:53:
 >On Mon, 2007-01-29 at 12:51 -0200, Carlos Carvalho wrote:
 >> SZALAY Attila (sasa at pheniscidae.tvnetwork.hu) wrote on 29 January 2007 15:37:
 >>  >On Mon, 2007-01-29 at 09:37 -0200, Carlos Carvalho wrote:
 >>  >> I'm trying to run syslog-ng 2.0.0 as a user that's not root via the -u
 >>  >> option. The problem is that it doesn't get the kernel log. Tracking
 >>  >> with strace shows that it doesn't open the kernel destination file. I
 >>  >
 >>  >The question is that syslog-ng try to open kernel _source_ file or not?
 >>  >(The kernel source file is /proc/kmsg) If syslog-ng doesn't have the
 >>  >right to open (or read when SELinux is installed) this socket than it
 >>  >cannot read the log messages.
 >> It does open /proc/kmsg:
 >> open("/proc/kmsg", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 5
 >> It doesn't open /var/log/kernel/log (the file configured as destination).
 >Can you see any activity on fd 5 after being successfully opened?

I'm not sure what you mean. As I said before, I'm sure events that
produce log entries are generated. Doing a cat /proc/kmsg also shows

More information about the syslog-ng mailing list