[syslog-ng] running as non-root doesn't get kernel log
Carlos Carvalho
carlos at fisica.ufpr.br
Mon Jan 29 18:09:53 CET 2007
Balazs Scheidler (bazsi at balabit.hu) wrote on 29 January 2007 17:53:
>On Mon, 2007-01-29 at 12:51 -0200, Carlos Carvalho wrote:
>> SZALAY Attila (sasa at pheniscidae.tvnetwork.hu) wrote on 29 January 2007 15:37:
>> >On Mon, 2007-01-29 at 09:37 -0200, Carlos Carvalho wrote:
>> >> I'm trying to run syslog-ng 2.0.0 as a user that's not root via the -u
>> >> option. The problem is that it doesn't get the kernel log. Tracking
>> >> with strace shows that it doesn't open the kernel destination file. I
>> >
>> >The question is that syslog-ng try to open kernel _source_ file or not?
>> >(The kernel source file is /proc/kmsg) If syslog-ng doesn't have the
>> >right to open (or read when SELinux is installed) this socket than it
>> >cannot read the log messages.
>>
>> It does open /proc/kmsg:
>>
>> open("/proc/kmsg", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 5
>>
>> It doesn't open /var/log/kernel/log (the file configured as destination).
>
>Can you see any activity on fd 5 after being successfully opened?
I'm not sure what you mean. As I said before, I'm sure events that
produce log entries are generated. Doing a cat /proc/kmsg also shows
them.
More information about the syslog-ng
mailing list