Hi,

starting it manually doesn't return the prompt either...:-( !

here is my current /etc/init.d/rsyslog.conf anyway...:
# cat /etc/init.d/rsyslog
#!/bin/bash
#set -x
#
# rsyslog        Starts rsyslogd/rklogd.
#
#
# chkconfig: 2345 12 88
# description: Syslog is the facility by which many daemons use to log \
# messages to various system log files.  It is a good idea to always \
# run rsyslog.
### BEGIN INIT INFO
# Provides: $syslog
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start:  2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Enhanced system logging and kernel message trapping daemons
# Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
#              among others, MySQL, syslog/tcp, RFC 3195, permitted
#              sender lists, filtering on any message part, and fine
#              grain output format control.
### END INIT INFO
# Source function library.
. /etc/init.d/functions
RETVAL=0
PIDFILE=/var/run/syslogd.pid
#PIDFILE=/tmp/syslogd.pid
prog=rsyslogd
#exec=/sbin/rsyslogd
exec=/usr/sbin/rsyslogd
lockfile=/var/lock/subsys/$prog
#lockfile=/tmp/$prog
start() {
        [ -x $exec ] || exit 5
        # Source config
        if [ -f /etc/sysconfig/rsyslog ] ; then
                . /etc/sysconfig/rsyslog
        fi
        umask 077
        echo -n $"Starting system logger: "
        daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS #-d &> /tmp/rsyslog.log
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        return $RETVAL
}
stop() {
        echo -n $"Shutting down system logger: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        return $RETVAL
}
reload()  {
    RETVAL=1
    syslog=$(cat "${PIDFILE}" 2>/dev/null)
    echo -n "Reloading system logger..."
    if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
        kill -HUP "$syslog";
        RETVAL=$?
    fi
    if [ $RETVAL -ne 0 ]; then
        failure
    else
        success
    fi
    echo
    return $RETVAL
}
rhstatus() {
        status -p "${PIDFILE}" $prog
}
restart() {
        stop
        start
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  reload|force-reload)
        reload
        ;;
  status)
        rhstatus
        ;;
  condrestart|try-restart)
        rhstatus >/dev/null 2>&1 || exit 0
        restart
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
        exit 2
esac
exit $?


Please anyone who can help with this ?

Thanks in advance :-) !
~maymann

2012/2/3 Michael Maymann <[email protected]>

> Hi,
>
> Yes I have, and now set them to /tmp just for testing, but same thing...:
> PIDFILE=/tmp/syslogd.pi
> lockfile=/tmp/$prog
>
> When started manually, it seems to be working just fine... also after 5
> minutes...:-) !:
> root      1498     1  0 Feb01 ?        00:00:00 /usr/sbin/sshd
> root     14128  1498  0 09:03 ?        00:00:00 sshd: root@pts/0
> root     14131 14128  0 09:04 pts/0    00:00:00 -bash
> <PrivDropToUser> 15442 14131  0 11:51 pts/0    00:00:00 /usr/sbin/rsyslogd -c 6 -n
>
> How can I implement similar behaviour to
> /etc/init.d/rsyslog+/etc/sysconfig/rsyslog...?
>
>
>
> Thanks in advance :-) !
> ~maymann
>
> 2012/2/3 <[email protected]>
>
>> On Fri, 3 Feb 2012, Michael Maymann wrote:
>>
>>> Hi,
>>>
>>> David: unfortunately this was not the case...:
>>> # cat /etc/sysconfig/selinux
>>> # This file controls the state of SELinux on the system.
>>> # SELINUX= can take one of these three values:
>>> #       enforcing - SELinux security policy is enforced.
>>> #       permissive - SELinux prints warnings instead of enforcing.
>>> #       disabled - SELinux is fully disabled.
>>> SELINUX=disabled
>>> # SELINUXTYPE= type of policy in use. Possible values are:
>>> #       targeted - Only targeted network daemons are protected.
>>> #       strict - Full SELinux protection.
>>> SELINUXTYPE=targeted
>>>
>>> What else could cause this problem ?
>>>
>>
>> possibly a silly question, but have you verified that the user you are
>> dropping privileges to has write permission on the directories that you
>> write logs (and any queue files) to?
>>
>> David Lang
>>
>>
>>> Thanks in advance :-) !
>>> ~maymann
>>>
>>> 2012/2/2 Michael Maymann <[email protected]>
>>>
>>>> Hi,
>>>>
>>>> David: Thanks for your reply - sounds possible... I will try this first
>>>> thing tomorrow morning and report back with findings...
>>>>
>>>> Br.
>>>> ~maymann
>>>>
>>>> 2012/2/2 <[email protected]>
>>>>
>>>>> On Thu, 2 Feb 2012, Michael Maymann wrote:
>>>>>
>>>>>> Hi Rainer,
>>>>>>
>>>>>> I really have my doubts it has something to do with my startup script:
>>>>>> 1. I only changed the exec=/usr/sbin/rsyslogd from default
>>>>>> 2. It works perfectly when PrivDropTo is not used in rsyslog.conf.
>>>>>>
>>>>>> I'm running on RHEL6.1_x64.
>>>>>> Do you have a working /etc/init.d/rsyslog that you can share/I can
>>>>>> test...?
>>>>>
>>>>> my guess is that this is a SELINUX related problem.
>>>>>
>>>>> what happens if you try to start rsyslog manually (not by running the
>>>>> startup script, but just running 'rsyslogd -c 6')
>>>>>
>>>>> David Lang
>>>>>
>>>>>> Thanks in advance :-) !
>>>>>> ~maymann
>>>>>>
>>>>>> 2012/2/2 Michael Maymann <[email protected]>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Rainer: Sorry... forgot to mention that it doesn't say anything about
>>>>>>> failing in the logs... and it actually doesn't fail... it works and
>>>>>>> after the timeout+failed notice only the process owned by
>>>>>>> PrivDropToUser-USER is present, but now owned by the init process
>>>>>>> (mother process dies):
>>>>>>>
>>>>>>> # service rsyslog start
>>>>>>> Starting system logger:                                    [FAILED]
>>>>>>>
>>>>>>> BEFORE failed status:
>>>>>>> root      9126  9125  0 11:07 pts/1    00:00:00 /usr/sbin/rsyslogd -c 6
>>>>>>> <PrivDropToUser-USER>  9131  9126  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6
>>>>>>>
>>>>>>> AFTER failed status the root-owned process is killed and the
>>>>>>> PrivDropToUser-USER owned process therefore gets owned by init:
>>>>>>> <PrivDropToUser-USER>  9131     1  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6
>>>>>>> Anyone who can help with this...?:
>>>>>>> here is the debug output when running the init-script:
>>>>>>> #/etc/init.d/rsyslog start
>>>>>>> + . /etc/init.d/functions
>>>>>>> ++ TEXTDOMAIN=initscripts
>>>>>>> ++ umask 022
>>>>>>> ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
>>>>>>> ++ export PATH
>>>>>>> ++ '[' -z '' ']'
>>>>>>> ++ COLUMNS=80
>>>>>>> ++ '[' -z '' ']'
>>>>>>> +++ /sbin/consoletype
>>>>>>> ++ CONSOLETYPE=pty
>>>>>>> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
>>>>>>> ++ . /etc/profile.d/lang.sh
>>>>>>> ++ unset LANGSH_SOURCED
>>>>>>> ++ '[' -z '' ']'
>>>>>>> ++ '[' -f /etc/sysconfig/init ']'
>>>>>>> ++ . /etc/sysconfig/init
>>>>>>> +++ BOOTUP=color
>>>>>>> +++ RES_COL=60
>>>>>>> +++ MOVE_TO_COL='echo -en \033[60G'
>>>>>>> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
>>>>>>> +++ SETCOLOR_FAILURE='echo -en \033[0;31m'
>>>>>>> +++ SETCOLOR_WARNING='echo -en \033[0;33m'
>>>>>>> +++ SETCOLOR_NORMAL='echo -en \033[0;39m'
>>>>>>> +++ PROMPT=yes
>>>>>>> +++ AUTOSWAP=no
>>>>>>> +++ ACTIVE_CONSOLES='/dev/tty[1-6]'
>>>>>>> +++ SINGLE=/sbin/sushell
>>>>>>> ++ '[' pty = serial ']'
>>>>>>> ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
>>>>>>> + RETVAL=0
>>>>>>> + PIDFILE=/var/run/syslogd.pid
>>>>>>> + prog=rsyslogd
>>>>>>> + exec=/usr/sbin/rsyslogd
>>>>>>> + lockfile=/var/lock/subsys/rsyslogd
>>>>>>> + case "$1" in
>>>>>>> + start
>>>>>>> + '[' -x /usr/sbin/rsyslogd ']'
>>>>>>> + '[' -f /etc/sysconfig/rsyslog ']'
>>>>>>> + . /etc/sysconfig/rsyslog
>>>>>>> ++ SYSLOGD_OPTIONS='-c 6'
>>>>>>> + umask 077
>>>>>>> + echo -n 'Starting system logger: '
>>>>>>> Starting system logger: + daemon --pidfile=/var/run/syslogd.pid /usr/sbin/rsyslogd -c 6
>>>>>>> + local gotbase= force= nicelevel corelimit
>>>>>>> + local pid base= user= nice= bg= pid_file=
>>>>>>> + local cgroup=
>>>>>>> + nicelevel=0
>>>>>>> + '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid ']'
>>>>>>> + case $1 in
>>>>>>> + pid_file=/var/run/syslogd.pid
>>>>>>> + shift
>>>>>>> + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']'
>>>>>>> + '[' -z '' ']'
>>>>>>> + base=rsyslogd
>>>>>>> + __pids_var_run rsyslogd /var/run/syslogd.pid
>>>>>>> + local base=rsyslogd
>>>>>>> + local pid_file=/var/run/syslogd.pid
>>>>>>> + pid=
>>>>>>> + '[' -f /var/run/syslogd.pid ']'
>>>>>>> + return 3
>>>>>>> + '[' -n '' -a -z '' ']'
>>>>>>> + corelimit='ulimit -S -c 0'
>>>>>>> + '[' -n '' ']'
>>>>>>> + '[' -n '' ']'
>>>>>>> + '[' color = verbose -a -z '' ']'
>>>>>>> + '[' -z '' ']'
>>>>>>> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6'
>>>>>>> ...
>>>>>>> (hangs here for a long time)
>>>>>>> ...
>>>>>>> + '[' 1 -eq 0 ']'
>>>>>>> + failure 'rsyslogd startup'
>>>>>>> + local rc=1
>>>>>>> + '[' color '!=' verbose -a -z '' ']'
>>>>>>> + echo_failure
>>>>>>> + '[' color = color ']'
>>>>>>> + echo -en '\033[60G'
>>>>>>>                                                          + echo -n '['
>>>>>>> [+ '[' color = color ']'
>>>>>>> + echo -en '\033[0;31m'
>>>>>>> + echo -n FAILED
>>>>>>> FAILED+ '[' color = color ']'
>>>>>>> + echo -en '\033[0;39m'
>>>>>>> + echo -n ']'
>>>>>>> ]+ echo -ne '\r'
>>>>>>> + return 1
>>>>>>> + '[' -x /usr/bin/plymouth ']'
>>>>>>> + /usr/bin/plymouth --details
>>>>>>> + return 1
>>>>>>> + RETVAL=1
>>>>>>> + echo
>>>>>>>
>>>>>>> + '[' 1 -eq 0 ']'
>>>>>>> + return 1
>>>>>>> + exit 1
>>>>>>>
>>>>>>> I have tried to give 777-access to /var/run and /var/lock/subsys - but
>>>>>>> same thing happens...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance :-) !
>>>>>>>
>>>>>>> Br.
>>>>>>> ~maymann
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2012/2/2 Rainer Gerhards <[email protected]>
>>>>>>>
>>>>>>>> I can only help you with that part if you point me to why exactly the
>>>>>>>> script claims what it does. So you may want to try to find someone who
>>>>>>>> can do that. I know this is probably a trivial question, but I don't
>>>>>>>> know anything ;)
>>>>>>>>
>>>>>>>> Sry, rainer
>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>>>>>>>>> [email protected]] On Behalf Of Michael Maymann
>>>>>>>>> Sent: Thursday, February 02, 2012 10:03 AM
>>>>>>>>> To: rsyslog-users
>>>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
>>>>>>>>>
>>>>>>>>> Here is my startup script... only thing changed is the path to the new
>>>>>>>>> 6.3.6-rsyslog-devel binary.
>>>>>>>>> The startup-scripts works also perfectly when I comment out the
>>>>>>>>> PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I
>>>>>>>>> have both or one of the entries...:
>>>>>>>>> #!/bin/bash
>>>>>>>>> #
>>>>>>>>> # rsyslog        Starts rsyslogd/rklogd.
>>>>>>>>> #
>>>>>>>>> #
>>>>>>>>> # chkconfig: 2345 12 88
>>>>>>>>> # description: Syslog is the facility by which many daemons use to log \
>>>>>>>>> # messages to various system log files.  It is a good idea to always \
>>>>>>>>> # run rsyslog.
>>>>>>>>> ### BEGIN INIT INFO
>>>>>>>>> # Provides: $syslog
>>>>>>>>> # Required-Start: $local_fs
>>>>>>>>> # Required-Stop: $local_fs
>>>>>>>>> # Default-Start:  2 3 4 5
>>>>>>>>> # Default-Stop: 0 1 6
>>>>>>>>> # Short-Description: Enhanced system logging and kernel message trapping daemons
>>>>>>>>> # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
>>>>>>>>> #              among others, MySQL, syslog/tcp, RFC 3195, permitted
>>>>>>>>> #              sender lists, filtering on any message part, and fine
>>>>>>>>> #              grain output format control.
>>>>>>>>> ### END INIT INFO
>>>>>>>>>
>>>>>>>>> # Source function library.
>>>>>>>>> . /etc/init.d/functions
>>>>>>>>>
>>>>>>>>> RETVAL=0
>>>>>>>>> PIDFILE=/var/run/syslogd.pid
>>>>>>>>>
>>>>>>>>> prog=rsyslogd
>>>>>>>>> #exec=/sbin/rsyslogd
>>>>>>>>> exec=/usr/sbin/rsyslogd
>>>>>>>>> lockfile=/var/lock/subsys/$prog
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> start() {
>>>>>>>>>       [ -x $exec ] || exit 5
>>>>>>>>>
>>>>>>>>>       # Source config
>>>>>>>>>       if [ -f /etc/sysconfig/rsyslog ] ; then
>>>>>>>>>               . /etc/sysconfig/rsyslog
>>>>>>>>>       fi
>>>>>>>>>       umask 077
>>>>>>>>>
>>>>>>>>>       echo -n $"Starting system logger: "
>>>>>>>>>       daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
>>>>>>>>>       RETVAL=$?
>>>>>>>>>       echo
>>>>>>>>>       [ $RETVAL -eq 0 ] && touch $lockfile
>>>>>>>>>       return $RETVAL
>>>>>>>>> }
>>>>>>>>> stop() {
>>>>>>>>>       echo -n $"Shutting down system logger: "
>>>>>>>>>       killproc $prog
>>>>>>>>>       RETVAL=$?
>>>>>>>>>       echo
>>>>>>>>>       [ $RETVAL -eq 0 ] && rm -f $lockfile
>>>>>>>>>       return $RETVAL
>>>>>>>>> }
>>>>>>>>> reload()  {
>>>>>>>>>   RETVAL=1
>>>>>>>>>   syslog=$(cat "${PIDFILE}" 2>/dev/null)
>>>>>>>>>   echo -n "Reloading system logger..."
>>>>>>>>>   if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
>>>>>>>>>       kill -HUP "$syslog";
>>>>>>>>>       RETVAL=$?
>>>>>>>>>   fi
>>>>>>>>>   if [ $RETVAL -ne 0 ]; then
>>>>>>>>>       failure
>>>>>>>>>   else
>>>>>>>>>       success
>>>>>>>>>   fi
>>>>>>>>>   echo
>>>>>>>>>   return $RETVAL
>>>>>>>>> }
>>>>>>>>> rhstatus() {
>>>>>>>>>       status -p "${PIDFILE}" $prog
>>>>>>>>> }
>>>>>>>>> restart() {
>>>>>>>>>       stop
>>>>>>>>>       start
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> case "$1" in
>>>>>>>>>  start)
>>>>>>>>>       start
>>>>>>>>>       ;;
>>>>>>>>>  stop)
>>>>>>>>>       stop
>>>>>>>>>       ;;
>>>>>>>>>  restart)
>>>>>>>>>       restart
>>>>>>>>>       ;;
>>>>>>>>>  reload|force-reload)
>>>>>>>>>       reload
>>>>>>>>>       ;;
>>>>>>>>>  status)
>>>>>>>>>       rhstatus
>>>>>>>>>       ;;
>>>>>>>>>  condrestart|try-restart)
>>>>>>>>>       rhstatus >/dev/null 2>&1 || exit 0
>>>>>>>>>       restart
>>>>>>>>>       ;;
>>>>>>>>>  *)
>>>>>>>>>       echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
>>>>>>>>>       exit 2
>>>>>>>>> esac
>>>>>>>>>
>>>>>>>>> exit $?
>>>>>>>>>
>>>>>>>>> 2012/2/2 Rainer Gerhards <[email protected]>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>>>>>>>>>>> [email protected]] On Behalf Of Michael Maymann
>>>>>>>>>>> Sent: Wednesday, February 01, 2012 9:08 AM
>>>>>>>>>>> To: rsyslog-users
>>>>>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> David: thanks - got it working with permission dropping, by far my
>>>>>>>>>>> preferred configuration... just didn't know of it...:-) !
>>>>>>>>>>> Rainer: please let us know if the debug info of the "permission
>>>>>>>>>>> dropping: hang+timeout" I send you can solve anything... anyway it
>>>>>>>>>>> works now - but not optimal if other people have to service my
>>>>>>>>>>> setup...:-) !
>>>>>>>>>>
>>>>>>>>>> I have reviewed the debug log and I see nothing unexpected. From the
>>>>>>>>>> timestamps I also see that there is no hang whatsoever. So it looks
>>>>>>>>>> like there is some problem with the startup script, which I don't
>>>>>>>>>> know. I suggest to ask what the FAILED status is caused by. We can
>>>>>>>>>> then look why this happens.
>>>>>>>>>>
>>>>>>>>>> Sorry I have no better answer...
>>>>>>>>>> Rainer
>>>>>>>>>>
>>>>>>>>>>> Thanks in advance :-) !
>>>>>>>>>>> ~maymann
>>>>>>>>>>>
>>>>>>>>>>> 2012/2/1 <[email protected]>
>>>>>>>>>>>
>>>>>>>>>>>> On Tue, 31 Jan 2012, Michael Maymann wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have now setup a 6.3.6-devel rsyslog server that is working fine
>>>>>>>>>>>>> running as root.
>>>>>>>>>>>>> I would like to run it as non-root user as my logfiles are located
>>>>>>>>>>>>> on NFS (and root export of NFS is generally not a good idea !).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is my rsyslog.conf:
>>>>>>>>>>>>> #LOAD MODULES
>>>>>>>>>>>>> $ModLoad imudp
>>>>>>>>>>>>> $UDPServerRun 514
>>>>>>>>>>>>> $UDPServerAddress 127.0.0.1
>>>>>>>>>>>>> $ModLoad imtcp
>>>>>>>>>>>>> $InputTCPServerRun 514
>>>>>>>>>>>>> #SET DESTINATION FOR LOGS
>>>>>>>>>>>>> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>>>>>>>>>>>>> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>>>>>>>>>>>>> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>>>>>>> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>>>>>>>>>>>>> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>>>>>>> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>>>>>>> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>>>>>> #SET LOGGING CONDITIONS
>>>>>>>>>>>>> if $syslogseverity <= '6' then ?DYNmessages
>>>>>>>>>>>>> if $syslogfacility-text == 'authpriv' then ?DYNsecure
>>>>>>>>>>>>> if $syslogfacility-text == 'mail' then ?DYNmaillog
>>>>>>>>>>>>> if $syslogfacility-text == 'cron' then ?DYNcron
>>>>>>>>>>>>> if $syslogseverity-text == 'crit' then ?DYNspooler
>>>>>>>>>>>>> if $syslogfacility-text == 'local7' then ?DYNboot
>>>>>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is my logfile when I try to start rsyslog as a non-root user:
>>>>>>>>>>>>> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
>>>>>>>>>>>>> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
>>>>>>>>>>>>> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
>>>>>>>>>>>>> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
>>>>>>>>>>>>> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
>>>>>>>>>>>>> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
>>>>>>>>>>>>> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
>>>>>>>>>>>>>
>>>>>>>>>>>>> So permissions to bind and sockets seems to be the problem...
>>>>>>>>>>>>
>>>>>>>>>>>> yes, you cannot bind to ports <1024 as a normal user (without making
>>>>>>>>>>>> some other non-standard changes through sysctl)
>>>>>>>>>>>>
>>>>>>>>>>>>> 1. Is it possible to make rsyslog write logfiles as a non-root user
>>>>>>>>>>>>> - if yes: how ?
>>>>>>>>>>>>
>>>>>>>>>>>> permission drop features
>>>>>>>>>>>>
>>>>>>>>>>>>> 2a. Is it possible to add permissions for non-root user to run
>>>>>>>>>>>>> rsyslog server - if yes: how ?
>>>>>>>>>>>>
>>>>>>>>>>>> pick a listening port > 1024 and it should work.
>>>>>>>>>>>>
>>>>>>>>>>>>> 2b. How do I start rsyslog during boot as non-root user - can
>>>>>>>>>>>>> chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if
>>>>>>>>>>>>> yes: how ?
>>>>>>>>>>>>
>>>>>>>>>>>> su can run a command as a different user.
>>>>>>>>>>>>
>>>>>>>>>>>> although as Rainer points out, you may just be looking for the
>>>>>>>>>>>> permission dropping features that are already in rsyslog.
>>>>>>>>>>>>
>>>>>>>>>>>> David Lang
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> rsyslog mailing list
>>>>>>>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>>>>>>> http://www.rsyslog.com/professional-services/
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
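
Two points raised in the quoted thread (listeners on ports below 1024 need root to bind, and the user rsyslog drops privileges to needs write access to the log directories) can be checked before the daemon is started. The script below is an added example, not part of the original thread and not rsyslog's own code; the user name `logwriter`, the path `/srv/remote-logs` and the sample config are constructed, and it assumes GNU `stat` and legacy-format directives.

```bash
#!/bin/bash
# Added example (not from the thread or from rsyslog): preflight checks for a
# legacy-format rsyslog.conf that drops privileges. Assumes GNU stat and awk,
# and looks at classic mode bits only (no ACLs, SELinux or NFS export options).

# Constructed sample config; user name and path are placeholders.
sample_conf() {
    cat <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 10514
$PrivDropToUser logwriter
$PrivDropToGroup logwriter
$template DYNmessages,"/srv/remote-logs/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
$template DYNsecure,"/srv/remote-logs/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
EOF
}

# Print the value of $PrivDropToUser (empty if the directive is absent).
privdrop_user() {
    awk '$1 == "$PrivDropToUser" { print $2; exit }' "$1"
}

# Print listener directives whose port is below 1024 (root needed at bind time).
privileged_ports() {
    awk '($1 == "$UDPServerRun" || $1 == "$InputTCPServerRun") && $2 + 0 < 1024 { print $1 "=" $2 }' "$1"
}

# Print the static directory in front of the first %property% of each $template path.
template_base_dirs() {
    awk -F'"' '$1 ~ /^\$template[ \t]/ { p = $2; sub("%.*", "", p); sub("/[^/]*$", "", p); print p }' "$1" | sort -u
}

# can_write_dir DIR UID "GID ..." : exit 0 if the mode bits let that identity
# create files in DIR (write + search), 1 if not, 2 if DIR cannot be inspected.
can_write_dir() {
    local dir=$1 uid=$2 gids=$3 info owner group mode m od gd ot d g
    info=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $info
    owner=$1 group=$2 mode=$(printf '%04d' "$3")
    m=${mode#?}                     # drop the setuid/setgid/sticky digit
    od=${m%??}; gd=${m#?}; gd=${gd%?}; ot=${m#??}
    if [ "$uid" = "$owner" ]; then
        d=$od
    else
        d=$ot
        for g in $gids; do
            if [ "$g" = "$group" ]; then d=$gd; fi
        done
    fi
    [ $(( d & 3 )) -eq 3 ]
}

# Run all checks against a config file; exit status 1 if a log dir is not writable.
preflight() {
    local conf=$1 user uid gids dir rc=0
    user=$(privdrop_user "$conf")
    if [ -z "$user" ]; then
        echo "note  no \$PrivDropToUser: rsyslogd stays the user that started it"
        return 0
    fi
    if ! uid=$(id -u "$user" 2>/dev/null); then
        echo "FAIL  unknown user: $user"; return 2
    fi
    gids=$(id -G "$user")
    for dir in $(template_base_dirs "$conf"); do
        if can_write_dir "$dir" "$uid" "$gids"; then
            echo "ok    $dir writable by $user"
        else
            echo "FAIL  $dir not writable by $user"; rc=1
        fi
    done
    privileged_ports "$conf" | sed 's/^/note  listener below 1024: /'
    return $rc
}

# Stand-alone use: ./preflight.sh /etc/rsyslog.conf
[ $# -eq 0 ] || preflight "$1"
```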