syslog-ng

Peter Czanik pczanik at fang.fa.gau.hu
Thu Apr 8 19:44:15 UTC 2010


Hello,

On 2010-04-08 21:06, Daniel J Walsh wrote:
> On 04/08/2010 10:02 AM, Peter Czanik wrote:
>   
>> Hello,
>>
>> I'm helping to upgrade syslog-ng to current version in major Linux
>> distributions. I would like to ask, if you could update syslog-ng to
>> version 3.1. I'm working on the openSUSE version of syslog-ng 3.1 (
>> http://download.opensuse.org/repositories/home:/czanik:/branches:/Base:/System/openSUSE_Factory/src/
>> ), and it is also being upgraded in Debian (
>> http://packages.qa.debian.org/s/syslog-ng.html ) and Gentoo (
>> http://gentoo.linuxhowtos.org/portage/app-admin/syslog-ng ) and Mandriva
>> ( http://sophie.zarb.org/viewrpm/b8182fa1eee109cc655a020a2cb62f5f ).
>>
>> For a complete list of changes, please see:
>> http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.5/changelog-en.txt
>> http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.1.0/changelog-en.txt
>>
>> Major changes from the packaging point of view:
>>
>> - addition of new utilities:
>> /usr/bin/pdbtool
>> /usr/sbin/syslog-ng-ctl
>>
>>     
> Are these tools executed by init scripts or just by administrators?
>   
Just by administrators. The first manages the pattern database (patterns
are not included), the second gives stats and controls debugging:

bigone112:~ # pdbtool
Syntax: pdbtool <command> [options]
Possible commands are:
    match        Match a message against the pattern database
    dump         Dump pattern datebase tree
    merge        Merge pattern databases
bigone112:~ # syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
    stats        Dump syslog-ng statistics
    verbose      Enable/query verbose messages
    debug        Enable/query debug messages
    trace        Enable/query trace messages


>> - apparmor (or SElinux in case of Fedora) needs some extra permissions:
>> /var/run/syslog-ng.ctl rw,
>>     
> Is this a sock_file?
>   
Yes, it is.

>> /var/run/syslog-ng/additional-log-sockets.conf r,
>>     
Ooops, sorry, this is a SuSE related config file, where additional log
sockets from chroots are added on start by the init script.

> Why not put syslog-ng.ctl in /var/run/syslog-ng?
>   
It is controlled by configure parameter: --with-pidfile-dir=/var/run
which also affects pid file location (see src/syslog-ng.h):
#define PATH_PIDFILE            PATH_PIDFILEDIR "/syslog-ng.pid"
#define PATH_CONTROL_SOCKET     PATH_PIDFILEDIR "/syslog-ng.ctl"
Fedora seems to be a bit more flexible here than SuSE, so one could
easily set it to use /var/run/syslog-ng/ for both of these files.

>> capability sys_tty_config,
>>     
> What other processes need to read/write in these directories or sock_files?
>   
Only syslog-ng and syslog-ng-ctl.

Bye,
CzP

>> Version 3.0 also added SSL support among many other changes, but that
>> can't be enabled on openSUSE (configure arg: --disable-ssl): syslog-ng
>> is in /sbin, openssl libs are in /usr/lib, linking from /usr is not
>> allowed in /, and SSL is not available statically for security reasons.
>> As far as I can see (I have a Fedora 13 snapshot installed in vmware),
>> Fedora has the same problem.
>>
>> Please let me know, if you need any additional help/information to get
>> syslog-ng updated for Fedora.
>>
>> Best regards,
>> Peter Czanik
>>
>>     
>   
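
An added example, not part of the original message and not syslog-ng code: a Python check that the control socket discussed above is a real socket with tight ownership and mode, at either the default path or the /var/run/syslog-ng/ location suggested in the thread. The function name and the policy it enforces (owner-only access, parent directory not modifiable by others) are assumptions.

```python
import os
import stat

# Paths discussed in the thread: the default control socket location and the
# per-daemon directory suggested for Fedora.
CANDIDATES = ("/var/run/syslog-ng.ctl", "/var/run/syslog-ng/syslog-ng.ctl")


def audit_control_socket(path, expected_uid=0):
    """Return a list of findings for a syslog-ng control socket path.

    Assumed policy (not stated by the project): the socket is owned by
    expected_uid, is not writable by group or others, and lives in a
    directory that other users cannot modify.
    """
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    except FileNotFoundError:
        return ["missing: %s" % path]
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket: %s" % path)
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    # On Linux, connecting to a UNIX socket requires write permission on it.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("socket mode %o lets group/others connect"
                        % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(path) or ".")
    loose = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory mode %o lets others replace the socket"
                        % stat.S_IMODE(parent.st_mode))
    return findings


if __name__ == "__main__":
    for candidate in CANDIDATES:
        for finding in audit_control_socket(candidate) or ["ok: %s" % candidate]:
            print(finding)
```

An empty result means the path passed every check; a "missing" finding for one of the two candidates is expected, since only one location is in use on a given build.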


