From owner-freebsd-questions@FreeBSD.ORG Thu Dec 27 18:20:04 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C72416A417 for ; Thu, 27 Dec 2007 18:20:04 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out4.smtp.messagingengine.com (out4.smtp.messagingengine.com [66.111.4.28]) by mx1.freebsd.org (Postfix) with ESMTP id 1B3BC13C468 for ; Thu, 27 Dec 2007 18:20:03 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 87ED182638; Thu, 27 Dec 2007 13:20:03 -0500 (EST) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Thu, 27 Dec 2007 13:20:03 -0500 X-Sasl-enc: 9WbkmiLMlh5T27N8sXjcgix/UrtGBvWzbk/Edivofzon 1198779602 Received: from hagrid.ewd.goldmark.org (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTP id 5C4B6A6DA; Thu, 27 Dec 2007 13:20:02 -0500 (EST) Message-Id: <9F820227-4DB1-474E-B50C-1CE2536CC1FD@goldmark.org> From: Jeffrey Goldberg To: Peter Boosten In-Reply-To: <20071227174049.ku0vp66isksgkk0c@www.boosten.org> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v915) Date: Thu, 27 Dec 2007 12:20:01 -0600 References: <1FF40B1F-D183-421A-A7A6-1BFD8E5EBE15@utdallas.edu> <20071227044016.bqrtqsjpwogkgc8k@www.boosten.org> <98D543FB-8060-4F8F-B4FD-4E5B8ABE876F@goldmark.org> <20071227174049.ku0vp66isksgkk0c@www.boosten.org> X-Mailer: Apple Mail (2.915) Cc: User questions Subject: Re: syslog-ng not logging X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2007 18:20:04 -0000 On Dec 27, 2007, at 10:40 AM, Peter Boosten wrote: > Quoting Jeffrey Goldberg : > >> Is there any reason not to simply do a >> >> cd /var/log >> chown -R daemon . > > I think (but I'm not sure) that permissions will be reversed by mtree. This is the first I've heard of mtree. I just looked mtree(8), but I take it that mtree is run periodically somehow to "fix" things. Do you know where? I can always keep my logs in some place other than /var/log if this is an issue. >> also >> >> chown daemon /dev/console > > Won't work either. *if* you're going to do that you should alter / > etc/devfs.conf More things to learn. I'm not really concerned about logging to console anyway, as the machine will run headless most of the time. >> Will log rotation preserve daemon ownership? > > Never used the *traditional* log style with syslog-ng, I stored > everything per day/month/year/server. I'm doing that for hosts that this is the remote syslod server for. I'm using /var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY" for everything coming from the udp source. I suppose I could just add "localhost" under HOSTS to do a similar destination for everything else, though there I would probably have FACILITY be the major categorization > I ended up running syslog-ng as root, which is probably a bad idea > as well, so I cannot give you any advice on this one. It sounds like using something other than /var/log for a destination makes the most sense. I won't promise anything, but if I get to grok this all better, I'll submit a pr for syslog-ng which includes a pkg-message and a FreeBSD README. (I had to look in the startup script for instructions on how to enable syslog-ng). Cheers, -j