[syslog-ng] Syslog-ng refuses to create directories on Linux

Sandor Geller (IT) Sandor.Geller at morganstanley.com
Tue Feb 24 16:10:43 CET 2009


Hi,

Welcome to the wonderful world of AppArmor :)

Regards,

Sandor

On Tue, Feb 24, 2009 at 4:06 PM, John Chajecki
<John.Chajecki at leicester.gov.uk> wrote:
>
> We have been running a syslog server on a Solaris server for some time. The server collects syslogs from a number of sources and places the log data into separate files for each system according to the host IP address and date. Recently, we have begun migrating the facility to a Linux server running Novell SuSE Linux 10. (SLES10) 64bit.
>
> We are running syslog-ng version 2.0.9-6.1 for the 64bit platform which I obtained from OpenSuSE and that is supposed to be compatible with SLES10.
>
> The problem is that although I am using essentially the same config file I am getting my log filled with:
>
> Feb 24 14:55:04 itssyslog syslog-ng[10090]: Error opening file for writing; filename='/media/syslog/HOSTS/192.168.1.146', error='Permission denied (13)'
>
> The directories /media, /media/syslog and /media/syslog/HOSTS have permissions of 0640.
>
> This is what happens in strace:
>
> open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 7
> write(7, "10090", 5)                    = 5
> close(7)                                = 0
> open("/dev/null", O_RDONLY)             = 7
> dup2(7, 0)                              = 0
> close(7)                                = 0
> open("/dev/null", O_WRONLY)             = 7
> dup2(7, 1)                              = 1
> dup2(7, 2)                              = 2
> close(7)                                = 0
> setsid()                                = 10090
> poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, 0) = 0
> uname({sys="Linux", node="itssyslog", ...}) = 0
> open("/var/log/messages", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = 7
> fcntl(7, F_GETFD)                       = 0
> fcntl(7, F_SETFD, FD_CLOEXEC)           = 0
> fchown(7, 0, 4294967295)                = 0
> fchown(7, 4294967295, 0)                = 0
> fchmod(7, 0640)                         = 0
> poll([{fd=7, events=POLLOUT, revents=POLLOUT}, {fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 3, 29983) = 1
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
> write(7, "Feb 24 14:16:50 itssyslog syslog"..., 83) = 83
> poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN, revents=POLLIN}], 2, 29983) = 1
> recvfrom(4, "<22>Feb 24 14:12:24 192.168.193."..., 8192, 0, {sa_family=AF_INET, sin_port=htons(61643), sin_addr=inet_addr("192.168.1.146")}, [16]) = 155
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
> brk(0x5be000)                           = 0x5be000
> brk(0x5df000)                           = 0x5df000
> open("/media/syslog/HOSTS/192.168.1.146/2009/02/24/192.168.1.146.log", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0640) = -1 ENOENT (No such file or directory)
> stat("/media", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
> stat("/media/syslog", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
> stat("/media/syslog/HOSTS", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
> stat("/media/syslog/HOSTS/192.168.1.146", 0x7fff7eb5c400) = -1 ENOENT (No such file or directory)
> mkdir("/media/syslog/HOSTS/192.168.1.146", 0640) = -1 EACCES (Permission denied)
> recvfrom(4, 0x583fe0, 8192, 0, 0x7fff7eb5c780, 0x7fff7eb5c80c) = -1 EAGAIN (Resource temporarily unavailable)
> poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, 0) = 0
> .....
>
>
> For some reason, the syslog-ng daemon tries to create the directory structure but fails with the Permission denied error.
> The daemon is running as root:
>
> ps -ef |grep syslog-ng
> root     10077     1  0 14:15 ?        00:00:00 /sbin/syslog-ng
>
> I have tried creating a directory structure manually and I have no problem creating, writing to and removing the directories.
>
> Just to test, I created another directory structure /syslog/HOSTS with permissions 0777. I restarted the syslog-ng service but I got the same error. I also ran the syslog-ng executable manually as root, but still got the same problem.
>
> What's stopping syslog-ng from creating the directory structure?
> Does it perhaps run in a chroot jail by default?
> As I mentioned, this worked fine on the Solaris system.
>
> John.

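A triage sketch for the symptom in this thread, added here as an example and not part of either poster's message: it scans strace output for path syscalls that fail with EACCES, pairs each with the mode of its parent directory from earlier `stat` calls, and flags the denial as a likely mandatory access control (e.g. AppArmor) decision when the process runs as root. The function names `triage` and `confinement` and the verdict strings are hypothetical; the sketch assumes root still holds `CAP_DAC_OVERRIDE` and that the filesystem is local.

```python
import posixpath
import re

# Constructed sample: four lines taken from the strace output quoted in this thread.
SAMPLE = """\
stat("/media/syslog", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS", {st_mode=S_IFDIR|0640, st_size=4096, ...}) = 0
stat("/media/syslog/HOSTS/192.168.1.146", 0x7fff7eb5c400) = -1 ENOENT (No such file or directory)
mkdir("/media/syslog/HOSTS/192.168.1.146", 0640) = -1 EACCES (Permission denied)
"""

# syscall("path", args...) = ret [ERRNO]; an optional "> " mail-quote prefix is tolerated.
CALL = re.compile(r'^(?:>\s*)?(\w+)\("([^"]*)"(.*)\)\s+= (-?\d+)(?: (E[A-Z0-9]+))?')
MODE = re.compile(r'st_mode=S_IF[A-Z]+\|(0[0-7]+)')

def triage(strace_text, euid):
    """Return one finding per path-based syscall that failed with EACCES."""
    modes, findings = {}, []
    for line in strace_text.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        name, path, rest, ret, err = m.groups()
        mode = MODE.search(rest)
        if name in ("stat", "lstat") and ret == "0" and mode:
            modes[path] = mode.group(1)          # remember modes of paths that exist
        elif err == "EACCES":
            parent = posixpath.dirname(path) or "."
            # Mode bits do not stop euid 0 (CAP_DAC_OVERRIDE), so a denial for
            # root points at a MAC layer rather than at directory permissions.
            verdict = "mac-suspected" if euid == 0 else "check-dac-first"
            findings.append({"syscall": name, "path": path,
                             "parent_mode": modes.get(parent), "verdict": verdict})
    return findings

def confinement(pid):
    """LSM label of a live process ('unconfined' or '<profile> (enforce)' under AppArmor)."""
    try:
        with open(f"/proc/{pid}/attr/current") as f:
            return f.read().strip("\x00\n ") or None
    except OSError:
        return None                              # no such pid, or no LSM attribute

if __name__ == "__main__":
    for finding in triage(SAMPLE, euid=0):
        print(finding)
```

When the verdict is `mac-suspected`, `confinement(pid)` on the running daemon shows whether a profile is attached to it.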