[syslog-ng] [Bug 218] To include local*.* facility.level in the source of syslog-ng
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Mon Feb 4 20:46:30 CET 2013
https://bugzilla.balabit.com/show_bug.cgi?id=218
--- Comment #10 from Balazs Scheidler <bazsi at balabit.hu> 2013-02-04 20:46:29 ---
hmm, it shouldn't depend on the facility itself. I suspect the culprit is
somewhere between the applications and syslog-ng.
can you run 'logger -p local6.info foo' to check that sshd is indeed using
/dev/log and not the network connection accepted right after startup?
it should also confirm that syslog-ng writes that message to the
expected log file.
if all is fine, then I'm afraid something must be wrong with the
applications that perform logging, probably a configuration issue, perhaps
some security module? it often happens on Linux, but AFAIK Solaris has some
labeled security stuff, that might interfere with logging here.
If that's the case you can troubleshoot that by running the application
under truss or attach to the running instance using truss -p.
The important thing is to enable enough detail in the truss log.
There the opening of /dev/log should be visible, and everything the app
does with the fd in question should be interesting.
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list