Hi,
This is a complement to #526616, in order to change the Severity from 'grave'
to 'normal', to launch syslog-ng under a non-root pid.
Please consider the following patch for the Debian Lenny distribution.
P0: file /etc/default/syslog-ng
-------------------------------
# Defines the pid user for launching the syslog-ng daemon. Please note that
# this user must be resolved before the end of initialisation of the box, so
# if using NIS for resolving user and group, then install a valid user in
# /etc/passwd and /etc/group, otherwise syslog-ng cannot start (because there
# is no network when syslog starts).
# Otherwise, set it to root !!
SYSLOG_NG_PID_USER=syslog-ng
SYSLOG_NG_PID_GROUP=syslog-ng
# Define the local directory for the chroot process, otherwise leave /
SYSLOG_NG_CHROOT=/
P1: file /etc/init.d/syslog-ng
-------------------------------
Change the syslogng_start and create_xconsole functions ...
create_xconsole() {
    if [ ! -e /dev/xconsole ]
    then
        mknod --mode 660 /dev/xconsole p
        # We assume here that you have not changed the default setting for
        # the syslog uid defined in /etc/default/syslog-ng
        chown root:syslog-ng /dev/xconsole
    fi
}
syslogng_start() {
    log_daemon_msg "Starting system logging" "$NAME"
    create_xconsole
    # Options after the bare "--" are passed to syslog-ng itself
    start-stop-daemon --start --quiet --exec "$SYSLOGNG" \
        --pidfile "$PIDFILE" -- \
        --pidfile "$PIDFILE" \
        --user "$SYSLOG_NG_PID_USER" \
        --group "$SYSLOG_NG_PID_GROUP" \
        --chroot "$SYSLOG_NG_CHROOT"
    RET="$?"
    log_end_msg "$RET"
    return "$RET"
}
P2: file /etc/syslog-ng/syslog-ng.conf
---------------------------------------
A dedicated file with correct owner and dir ..
....
options {
    .......
    dir_owner (syslog-ng);
    dir_group (syslog-ng);
    # 0750, not 0650: the owner needs the search (x) bit to use the
    # directory; this matches the install -d -m0750 in the postinstallation
    dir_perm (0750);
    owner (syslog-ng);
    group (syslog-ng);
    perm (0640);
};
Consider also the file definition. In my case I suggest using
a dedicated directory in /var/log/syslog-ng in order to simplify
the syslog-ng logrotate definition,
so my definition is:
-> grep log/syslog-ng /etc/syslog-ng/syslog-ng.conf
destination df_auth { file("/var/log/syslog-ng/auth.log"); };
destination df_syslog { file("/var/log/syslog-ng/syslog.log"); };
destination df_cron { file("/var/log/syslog-ng/cron.log"); };
destination df_daemon { file("/var/log/syslog-ng/daemon.log"); };
destination df_kern { file("/var/log/syslog-ng/kern.log"); };
destination df_lpr { file("/var/log/syslog-ng/lpr.log"); };
destination df_mail { file("/var/log/syslog-ng/mail.log"); };
destination df_user { file("/var/log/syslog-ng/user.log"); };
destination df_uucp { file("/var/log/syslog-ng/uucp.log"); };
destination df_facility_dot_info {
file("/var/log/syslog-ng/$FACILITY.info.log"); };
destination df_facility_dot_notice {
file("/var/log/syslog-ng/$FACILITY.notice.log"); };
destination df_facility_dot_warn {
file("/var/log/syslog-ng/$FACILITY.warn.log"); };
destination df_facility_dot_err {
file("/var/log/syslog-ng/$FACILITY.err.log"); };
destination df_facility_dot_crit {
file("/var/log/syslog-ng/$FACILITY.crit.log"); };
destination df_news_dot_notice { file("/var/log/syslog-ng/news/news.notice.log"
owner("news")); };
destination df_news_dot_err { file("/var/log/syslog-ng/news/news.err.log"
owner("news")); };
destination df_news_dot_crit { file("/var/log/syslog-ng/news/news.crit.log"
owner("news")); };
destination df_debug { file("/var/log/syslog-ng/debug.log"); };
destination df_messages { file("/var/log/syslog-ng/messages.log"); };
# auth,authpriv.* /var/log/syslog-ng/auth.log
# *.*;auth,authpriv.none -/var/log/syslog-ng/syslog
# daemon.* -/var/log/syslog-ng/daemon.log
# kern.* -/var/log/syslog-ng/kern.log
# lpr.* -/var/log/syslog-ng/lpr.log
# mail.* -/var/log/syslog-ng/mail.log
# user.* -/var/log/syslog-ng/user.log
# uucp.* /var/log/syslog-ng/uucp.log
# mail.info -/var/log/syslog-ng/mail.info
# mail.warn -/var/log/syslog-ng/mail.warn
# mail.err /var/log/syslog-ng/mail.err
# news.crit /var/log/syslog-ng/news/news.crit
# news.err /var/log/syslog-ng/news/news.err
# news.notice /var/log/syslog-ng/news/news.notice
# news.none;mail.none -/var/log/syslog-ng/debug
# mail,news.none -/var/log/syslog-ng/messages
P3 post installation of package syslog-ng....
---------------------------------------------
Run this script fragment in the package postinstallation:
syslog_add_user_and_grp ()
{
    # Create a dedicated user on the local host, so that user and group are
    # OK even if the host is not started from the network point of view (if
    # using NIS, for example)
    SYSLOG_USER=syslog-ng
    # We assume in the following command that user syslog-ng has a group of
    # the same name, as suggested in the man documentation (because it is a
    # system user)
    sudo adduser \
        --system "$SYSLOG_USER" \
        --force-badname \
        --home /var/log/syslog-ng \
        --no-create-home \
        --group
    sudo install -d -m0750 -o "$SYSLOG_USER" -g "$SYSLOG_USER" /var/log/syslog-ng
    # Change access to /dev/xconsole
    sudo chown "root:$SYSLOG_USER" /dev/xconsole
    sudo chmod u+rw,g+rw,o-rwx /dev/xconsole
    # ...and enable read-only access for group syslog....
    sudo chown "root:$SYSLOG_USER" /proc/kmsg
    sudo chmod g+r /proc/kmsg
}
P4 logrotate file
-----------------
We assume here that all files are named with a matching pattern
such as /var/log/syslog-ng/*.log in the configuration file
/var/log/syslog-ng/*.log {
    nomail
    noolddir
    daily
    create
    compress
    notifempty
    rotate 10
    size 1M
    start 0
    compressoptions -9
    extension .gz
    compresscmd /bin/gzip
    uncompresscmd /bin/gunzip
}
--
--------------------------------------
-- Jean-Marc LACROIX --
-- mailto : [email protected] --
---------------------------------------
--
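
Added example, not part of the original message or of the Debian package: a preflight check an init script could run before starting syslog-ng under the dedicated account. It verifies that the user and group from /etc/default/syslog-ng resolve from the local files alone (the NIS concern in P0) and that a directory mode lets the owner enter and write the log directory. The function names are hypothetical and the passwd/group entries are constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the original message. Function names are
# hypothetical; the passwd/group entries in demo() are constructed.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"   # overridable so copies can be checked
GROUP_FILE="${GROUP_FILE:-/etc/group}"

# Succeeds if name $1 is the first field of an entry in local file $2.
# getent is avoided on purpose: it would also answer from NIS via nsswitch.
in_local_db() {
    [ -r "$2" ] && awk -F: -v n="$1" '$1 == n { f = 1 } END { exit !f }' "$2"
}

# Succeeds if octal mode $1 gives the owner write and search (x) on a directory.
owner_can_use_dir() {
    case "$1" in
        ""|*[!0-7]*) return 2 ;;        # not an octal mode
        [37]??|?[37]??) return 0 ;;     # owner digit is 3 (-wx) or 7 (rwx)
        *) return 1 ;;
    esac
}

# $1 = user, $2 = group, $3 = directory mode; reports every failed check.
preflight() {
    rc=0
    in_local_db "$1" "$PASSWD_FILE" ||
        { echo "user '$1' is not in $PASSWD_FILE" >&2; rc=1; }
    in_local_db "$2" "$GROUP_FILE" ||
        { echo "group '$2' is not in $GROUP_FILE" >&2; rc=1; }
    owner_can_use_dir "$3" ||
        { echo "mode $3: owner cannot write to or enter the directory" >&2; rc=1; }
    return "$rc"
}

# Runs preflight against constructed local files holding only syslog-ng.
demo() {
    d=$(mktemp -d) || return 1
    echo 'syslog-ng:x:104:108::/var/log/syslog-ng:/bin/false' > "$d/passwd"
    echo 'syslog-ng:x:108:' > "$d/group"
    r=0
    ( PASSWD_FILE="$d/passwd"; GROUP_FILE="$d/group"; preflight "$@" ) || r=$?
    rm -rf "$d"
    return "$r"
}
```

In an init script this would be called as preflight "$SYSLOG_NG_PID_USER" "$SYSLOG_NG_PID_GROUP" 0750 before syslogng_start, so that a misconfigured account stops the start with a message instead of leaving the host without a logger.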