[syslog-ng] Unable to run syslog-ng 3.0.4 as non-root on solaris 10

Jeffrey Psolla JPsolla at pscufs.com
Fri Aug 14 15:20:47 CEST 2009 

Hi,

Yesterday I upgraded syslog-ng on our central log server from 2.0.5  to 3.0.4 . The OS is solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:
/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -u syslogng -g syslogng -p /etc/syslog-ng/syslog-ng.pid

After the upgrade I get the following error using the same command:
Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Permission denied (13)'
Error initializing source driver; source='gateway', id='gateway#0'
Error initializing message pipeline;

If I remove the -u and -g arguments the daemon runs without  issues. Same physical server, OS, and user account prior to the upgrade. I tried the verbose and debug arguments, when starting syslog-ng, but only get the above error. The syslog.conf file is posted below.

 I compiled from source using the following options:
./configure --enable-debug --disable-ipv6 --enable-dynamic-linking --enable-pcre --enable-ssl --disable-glibtest --disable-tcp-wrapper

Thanks,
Jeff

*******************************
/usr/local/sbin/syslog-ng --version
*******************************
Compile-Date: Aug 13 2009 16:25:43
Enable-Threads: off
Enable-Debug: on
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: on
Enable-Sun-Door: on
Enable-IPv6: off
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: on

*****************************
syslog-ng.conf
*****************************
@version:3.0
#
#
options {
        use_dns(persist_only);
        dns_cache_hosts(/etc/hosts);
        keep_hostname(yes);
        check_hostname(yes);
        #normalize_hostnames(yes);
        stats_freq(3600);
        log_fifo_size(2000);
        flush_lines(5);
        bad_hostname(Corrupt);
        bad_hostname(disk);
        bad_hostname(drive);
};

# local for messages coming in locally
source local {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        internal();
};

# Gateway for UDP Syslog messages.  This is the default
source gateway {
        udp(ip("0.0.0.0")
        port(514));
};

template default_template {
        template("$DATE $HOST $PROGRAM[$PID]: $MESSAGE\n");
        template_escape(no);
};

# Where to write the incoming log files to.

destination hosts {
        file("/opt/log/clients/new_clients/$HOST/$YEAR-$MONTH-$DAY.$FACILITY"
        owner(syslogng) group(syslogng) perm(0644) dir_perm(0755)
        dir_group(syslogng) dir_owner(syslogng) create_dirs(yes)
        template (default_template));
};

destination backuphost1 {
        tcp("xxx.xxx.xxx.xxx" port(1468));
};

destination backuphost2 {
       udp("xxx.xxx.xxx.xxx " port(514));
};

filter Windows_filter {
        program(MSWinEventLog) and
        match("Name: Installer" value("$MESSAGE") flags("ignore-case")) or
        match("Name: MGLdap" value("$MESSAGE") flags("ignore-case")) or
        match("Special privileges assigned to new logon" value("$MESSAGE")) or
        match("Authentication Ticket Request" value("$MESSAGE")) or
        match("Process: Kerberos" value("$MESSAGE"));
};

filter RSS_filter {
        match("Bad protocol version" value("$MESSAGE")) or
        match("Did not receive identification string" value("$MESSAGE")) or
        facility(user);
};

log {
        source(gateway);
        filter(Windows_filter);
        flags(final);
};

log {
        source(gateway);
        filter(RSS_filter);
        flags(final);
};

log {
        source(gateway);
        destination(hosts); destination(backuphost1);
};

log {
        source(local);
        destination(hosts); destination(backuphost1); destination(backuphost2);
};

________________________________
-----------------------------------------------------------------------
This e-mail is intended for the addressee shown.
It contains information that is confidential and
protected from disclosure. Any review, dissemination
or use of this transmission or its contents by persons
or unauthorized employees of the intended organizations
is strictly prohibited.

The contents of this email do not necessarily represent
the views or policies of PSCU Financial Services.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090814/a8b8edfb/attachment.htm

More information about the syslog-ng mailing list