[syslog-ng] NTPD (maybe others) not logging - No idea why...
Charles Jennings
jennings.charles.e.security at gmail.com
Wed Apr 8 16:33:29 CEST 2009
Doesn't look like it - here is some more info:
Chkconfig --list
ntpd 0:off 1:off 2:off 3:off 4:off 5:off
6:off
/etc/crontab
01 * * * * root /usr/sbin/ntpd -q > /dev/null &
/etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes
# Additional options for ntpdate
NTPDATE_OPTIONS=""
/etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server time.nist.gov iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Sandor Geller (IT)
Sent: Wednesday, April 08, 2009 3:53 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] NTPD (maybe others) not logging - No idea why...
Hi,
On Tue, Apr 7, 2009 at 9:52 PM, Charles Jennings
<jennings.charles.e.security at gmail.com> wrote:
> Syslog-NG Version:
[ cut ]
I'd check first whether ntpd runs in a chrooted environment or not.
When it is chrooted and syslog-ng is restarted (without using the keep-alive
option for /dev/log) then ntpd won't be able to continue logging (/dev/log
gets recreated). For chroot-ed apps you can add the log socket to the
syslog-ng sources. For example chrooted postfix needs
unix-dgram("/var/spool/postfix/dev/log");
Regards,
Sandor
____________________________________________________________________________
__
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list