[syslog-ng] Syslog-ng refuses to create directories on Linux
John Chajecki
John.Chajecki at leicester.gov.uk
Tue Feb 24 16:06:10 CET 2009
We have been running a syslog server on a Solaris server for some time. The server collects syslogs from a number of sources and places the log data into separate files for each system according to the host IP address and date. Recently, we have begun migrating the facility to a Linux server running Novell SuSE Linux 10 (SLES10) 64bit.
We are running syslog-ng version 2.0.9-6.1 for the 64bit platform which I obtained from OpenSuSE and that is supposed to be compatible with SLES10.
The problem is that although I am using essentially the same config file I am getting my log filled with:
Feb 24 14:55:04 itssyslog syslog-ng[10090]: Error opening file for writing; filename='/media/syslog/HOSTS/192.168.1.146', error='Permission denied (13)'
The directories /media, /media/syslog and /media/syslog/HOSTS have permissions of 0640.
This is what happens in strace:
open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 7
write(7, "10090", 5) = 5
close(7) = 0
open("/dev/null", O_RDONLY) = 7
dup2(7, 0) = 0
close(7) = 0
open("/dev/null", O_WRONLY) = 7
dup2(7, 1) = 1
dup2(7, 2) = 2
close(7) = 0
setsid() = 10090
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, 0) = 0
uname({sys="Linux", node="itssyslog", ...}) = 0
open("/var/log/messages", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = 7
fcntl(7, F_GETFD) = 0
fcntl(7, F_SETFD, FD_CLOEXEC) = 0
fchown(7, 0, 4294967295) = 0
fchown(7, 4294967295, 0) = 0
fchmod(7, 0640) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 3, 29983) = 1
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
write(7, "Feb 24 14:16:50 itssyslog syslog"..., 83) = 83
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN, revents=POLLIN}], 2, 29983) = 1
recvfrom(4, "<22>Feb 24 14:12:24 192.168.193."..., 8192, 0, {sa_family=AF_INET, sin_port=htons(61643), sin_addr=inet_addr("192.168.1.146")}, [16]) = 155
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
brk(0x5be000) = 0x5be000
brk(0x5df000) = 0x5df000
open("/media/syslog/HOSTS/192.168.1.146/2009/02/24/192.168.1.146.log", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = -1 ENOENT (No such file or directory)
stat("/media", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS/192.168.1.146", 0x7fff7eb5c400) = -1 ENOENT (No such file or directory)
mkdir("/media/syslog/HOSTS/192.168.1.146", 0640) = -1 EACCES (Permission denied)
recvfrom(4, 0x583fe0, 8192, 0, 0x7fff7eb5c780, 0x7fff7eb5c80c) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, 0) = 0
.....
For some reason, the syslog-ng daemon tries to create the directory structure but fails with the Permission denied error. itssyslog:/var/log #
The daemon is running as root:
ps -ef |grep syslog-ng
root 10077 1 0 14:15 ? 00:00:00 /sbin/syslog-ng
I have tried creating a directory structure manually and I have no problem creating, writing to and removing the directories.
Just to test, I created another directory structure /syslog/HOSTS with permissions 0777. I restarted the syslog-ng service but I got the same error. I also ran the syslog-ng executable manually as root, but still got the same problem.
What's stopping syslog-ng from creating the directory structure?
Does it perhaps run in a chroot jail by default?
As I mentioned, this worked fine on the Solaris system.
John.
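
Added example, not part of the original post: a small Python triage of strace output in the format shown in the message. It lists the failed path-related calls and flags directories whose existing or requested mode has no search (x) bit, as 0640 does; the sample lines are constructed from the trace above and the name `triage` is hypothetical.

```python
import re

# Constructed sample: lines in the format of the trace quoted in the message.
SAMPLE = '''\
open("/var/log/messages", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = 7
open("/media/syslog/HOSTS/192.168.1.146/2009/02/24/192.168.1.146.log", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = -1 ENOENT (No such file or directory)
stat("/media/syslog", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS/192.168.1.146", 0x7fff7eb5c400) = -1 ENOENT (No such file or directory)
mkdir("/media/syslog/HOSTS/192.168.1.146", 0640) = -1 EACCES (Permission denied)
recvfrom(4, 0x583fe0, 8192, 0, 0x7fff7eb5c780, 0x7fff7eb5c80c) = -1 EAGAIN (Resource temporarily unavailable)
'''

# name(args) = retval [ERRNO ...]; greedy args backtrack to the ")" before " = ".
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(0x[0-9a-f]+|-?\d+)(?:\s+(E[A-Z]+))?')
PATH = re.compile(r'^"([^"]*)"')                      # first argument, if a path
STAT_DIR_MODE = re.compile(r'st_mode=S_IFDIR\|(0[0-7]+)')
MKDIR_MODE = re.compile(r',\s*(0[0-7]+)$')            # mode requested by mkdir

def triage(trace):
    """Return (failed_calls, dirs_without_search_bit) for strace text."""
    failed, no_search = [], {}
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, ret, errno = m.groups()
        p = PATH.match(args)
        path = p.group(1) if p else None
        # EAGAIN on a non-blocking socket is normal, not a failure to report.
        if ret == "-1" and errno != "EAGAIN":
            failed.append((name, path, errno))
        mode = None
        if name == "stat":
            mode = STAT_DIR_MODE.search(args)         # mode of an existing dir
        elif name == "mkdir":
            mode = MKDIR_MODE.search(args)            # mode the dir would get
        # A directory with no x bit for anyone cannot be traversed by
        # processes that are subject to ordinary mode-bit checks.
        if mode and path and not int(mode.group(1), 8) & 0o111:
            no_search[path] = mode.group(1)
    return failed, no_search

if __name__ == "__main__":
    failed, no_search = triage(SAMPLE)
    for name, path, errno in failed:
        print(f"FAILED  {name:6} {errno:7} {path}")
    for path, mode in no_search.items():
        print(f"NO-X    {mode}   {path}")
```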