From owner-freebsd-questions@FreeBSD.ORG Thu Dec 27 18:34:03 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A46616A419 for ; Thu, 27 Dec 2007 18:34:03 +0000 (UTC) (envelope-from peter@boosten.org) Received: from smtpq2.groni1.gr.home.nl (smtpq2.groni1.gr.home.nl [213.51.130.201]) by mx1.freebsd.org (Postfix) with ESMTP id C51E813C43E for ; Thu, 27 Dec 2007 18:34:02 +0000 (UTC) (envelope-from peter@boosten.org) Received: from [213.51.130.188] (port=50569 helo=smtp3.groni1.gr.home.nl) by smtpq2.groni1.gr.home.nl with esmtp (Exim 4.60) (envelope-from ) id 1J7xYP-0004TQ-K6; Thu, 27 Dec 2007 19:34:01 +0100 Received: from cp268254-a.landg1.lb.home.nl ([84.25.65.88]:5047 helo=ra.egypt.nl) by smtp3.groni1.gr.home.nl with esmtp (Exim 4.60) (envelope-from ) id 1J7xYN-0001rV-IU; Thu, 27 Dec 2007 19:34:01 +0100 Received: from [192.168.13.53] (VAL00653.egypt.nl [192.168.13.53]) by ra.egypt.nl (Postfix) with ESMTP id 06BAC39877; Thu, 27 Dec 2007 19:33:58 +0100 (CET) Message-ID: <4773F016.3010409@boosten.org> Date: Thu, 27 Dec 2007 19:33:58 +0100 From: Peter Boosten User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Jeffrey Goldberg References: <1FF40B1F-D183-421A-A7A6-1BFD8E5EBE15@utdallas.edu> <20071227044016.bqrtqsjpwogkgc8k@www.boosten.org> <98D543FB-8060-4F8F-B4FD-4E5B8ABE876F@goldmark.org> <20071227174049.ku0vp66isksgkk0c@www.boosten.org> <9F820227-4DB1-474E-B50C-1CE2536CC1FD@goldmark.org> In-Reply-To: <9F820227-4DB1-474E-B50C-1CE2536CC1FD@goldmark.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) Cc: User questions Subject: Re: syslog-ng not logging X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2007 18:34:03 -0000 Jeffrey Goldberg wrote: > This is the first I've heard of mtree. I just looked mtree(8), but I > take it that mtree is run periodically somehow to "fix" things. Do > you know where? > > I can always keep my logs in some place other than /var/log if this is > an issue. > IIRC it's done at boot time. Have a look at /etc/rc.d/var >>> Will log rotation preserve daemon ownership? >> >> Never used the *traditional* log style with syslog-ng, I stored >> everything per day/month/year/server. > > I'm doing that for hosts that this is the remote syslod server for. > I'm using > > /var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY" > > for everything coming from the udp source. I suppose I could just add > "localhost" under HOSTS to do a similar destination for everything > else, though there I would probably have FACILITY be the major > categorization > "localhost" will be created automatically by syslog-ng (although it'll probably use the hosts fqdn). >> I ended up running syslog-ng as root, which is probably a bad idea as >> well, so I cannot give you any advice on this one. > > It sounds like using something other than /var/log for a destination > makes the most sense. No, it's enough to grant daemon write permissions in /var/log/HOSTS. Since you're using the $DAY macro, you won't need log rotation anyway. Regards, Peter -- http://www.boosten.org