On Sun, 29 Apr 2001, l j wrote:
> I have somce Cisco pixes, routers, and switches
> logging to a bunch of Solaris 7 syslog hosts.
> The logs files are permission 666 and they are
> working.
> How come when I have them as permission 644 it fails?
Without knowing the user and group entries, knowing the permissions
doesn't help much.
> When I turn on debugging for syslogd I can see that it
> report Receiving messsage from ip-of-cisco-equipment
> as well as something along the lines of FILE
> /var/log/cisco.log being written to when the perms are
> 666. When the perms are 644, I only see the
> Receiving messsage from ip-of-cisco-equipment message
> and nothing gets logged.
>
> The cisco web stie says 644 is the correct perms you
> need, but I could not get logging to happen unless I
> use 666.
Make sure that whatever user syslogd is running as is the owner of the
syslog files. Don't forget that the files have to exist before syslogd
will write to them, so if you're using a log rotation program, ensure that
it sets the permissions and ownership appropriately, or runs as the logging
user.
Personally, I prefer log files to be 600 and owned by the logging process'
PID. No use in giving a non-priv. user access to the logs on a system for
no good reason.
If it's a default install, you'll want to install the cluster patches,
there were some SIGHUP issues and I think a large file issue with syslogd
on Solaris 7. There were some patchadd patches too- if you haven't done
them, then doing the recommended security patches and whatever else you'll
end up needing could be difficult.
You'd probably get better and more detailed help someplace like
sun-managers.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
