pczanik at fang.fa.gau.hu
Thu Apr 8 19:44:15 UTC 2010
2010-04-08 21:06 keltezéssel, Daniel J Walsh írta:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 04/08/2010 10:02 AM, Peter Czanik wrote:
>> I'm helping to upgrade syslog-ng to current version in major Linux
>> distributions. I would like to ask, if you could update syslog-ng to
>> version 3.1. I'm working on the openSUSE version of syslog-ng 3.1 (
>> ), and it is also being upgraded in Debian (
>> http://packages.qa.debian.org/s/syslog-ng.html ) and Gentoo (
>> http://gentoo.linuxhowtos.org/portage/app-admin/syslog-ng ) and Mandriva
>> ( http://sophie.zarb.org/viewrpm/b8182fa1eee109cc655a020a2cb62f5f ).
>> For a complete list of changes, please see:
>> Major changes from the packaging point of view:
>> - addition of new utilities:
> Are these tools executed by init scripts or just by administrators?
Just by administrators. The first manages the pattern database (patterns
are not included), the second gives stats and controls debugging:
bigone112:~ # pdbtool
Syntax: pdbtool <command> [options]
Possible commands are:
match Match a message against the pattern database
dump Dump pattern datebase tree
merge Merge pattern databases
bigone112:~ # syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
stats Dump syslog-ng statistics
verbose Enable/query verbose messages
debug Enable/query debug messages
trace Enable/query trace messages
>> - apparmor (or SElinux in case of Fedora) needs some extra permissions:
>> /var/run/syslog-ng.ctl rw,
> Is this a sock_file?
Yes, it is.
>> /var/run/syslog-ng/additional-log-sockets.conf r,
Ooops, sorry, this is a SuSE related config file, where additional log
sockects from chroots are added on start by the init script.
> Why not put syslog-ng.ctl in /var/run/syslog-ng?
It is controlled by configure parameter: --with-pidfile-dir=/var/run
which also affects pid file location (see src/syslog-ng.h):
#define PATH_PIDFILE PATH_PIDFILEDIR "/syslog-ng.pid"
#define PATH_CONTROL_SOCKET PATH_PIDFILEDIR "/syslog-ng.ctl"
Fedora seems to be a bit more flexible here, than SuSE, so one could
easily set to use /var/run/syslog-ng/ for both of these files.
>> capability sys_tty_config,
> What other processes need to read/write in these directories or sock_files?
Only syslog-ng and syslog-ng-ctl.
>> Version 3.0 also added SSL support among many other changes, but that
>> can't be enabled on openSUSE (configure arg: --disable-ssl): syslog-ng
>> is in /sbin, openssl libs are in /usr/lib, linking from /usr is not
>> allowed in /, and SSL is not available statically for security reasons.
>> As far as I can see (I have a Fedora 13 snapshot installed in vmware),
>> Fedora has the same problem.
>> Please let me know, if you need any additional help/information to get
>> syslog-ng updated for Fedora.
>> Best regards,
>> Peter Czanik
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
More information about the devel