syslog-ng not logging

Thu Dec 27 10:20:04 PST 2007

On Dec 27, 2007, at 10:40 AM, Peter Boosten wrote:

> Quoting Jeffrey Goldberg <jeffrey at goldmark.org>:
>
>> Is there any reason not to simply do a
>>
>> cd /var/log
>> chown -R daemon .
>
> I think (but I'm not sure) that permissions will be reversed by mtree.

This is the first I've heard of mtree.  I just looked mtree(8), but I  
take it that mtree is run periodically somehow to "fix" things.  Do  
you know where?

I can always keep my logs in some place other than /var/log if this is  
an issue.

>> also
>>
>> chown daemon /dev/console
>
> Won't work either. *if* you're going to do that you should alter / 
> etc/devfs.conf

More things to learn.  I'm not really concerned about logging to  
console anyway, as the machine will run headless most of the time.

>> Will log rotation preserve daemon ownership?
>
> Never used the *traditional* log style with syslog-ng, I stored  
> everything per day/month/year/server.

I'm doing that for hosts that this is the remote syslod server for.   
I'm using

   /var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY"

for everything coming from the udp source.  I suppose I could just add  
"localhost" under HOSTS to do a similar destination for everything  
else, though there I would probably have FACILITY be the major  
categorization

> I ended up running syslog-ng as root, which is probably a bad idea  
> as well, so I cannot give you any advice on this one.

It sounds like using something other than /var/log for a destination  
makes the most sense.

I won't promise anything, but if I get to grok this all better, I'll  
submit a pr for syslog-ng which includes a pkg-message and a FreeBSD  
README.  (I had to look in the startup script for instructions on how  
to enable syslog-ng).

Cheers,

-j