Linux Syslogd: Nothing Gets Logged Using /dev/log And /jail/apache/dev/log

by on August 22, 2010 · 0 comments· LAST UPDATED August 22, 2010

in , ,

I've configured my Apache in chrooted jail at /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?

By default syslogd daemon is listening to the socket /dev/log. You can verify this using lsof command:
lsof -c syslogd
lsof -c syslogd | grep '/dev/'

Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log

However, you need to set additional sockets from that syslogd has to listen for all chrooted environment. By default you can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Edit /etc/sysconfig/syslog, enter:
# vi /etc/sysconfig/syslog
Now, set /jail/apache/dev/log along with default /dev/null syslogd daemon socket path:

SYSLOGD_OPTIONS="-m 0 -a /jail/apache/dev/log"

Save and close the file. Now, restart the syslogd:
# service syslog restart
Make sure your syslogd daemon is listening to the socket /dev/log and /jail/apache/dev/log, enter:
# lsof -c syslogd | grep '/dev/'
Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log
syslogd 38944 root    7u  unix 0xffff8103215b1100           28951980 /jail/apache/dev/log

SELinux Problem

When you restart syslogd and nothing is working as it should be, than SELinux may causing the problem. You will notice that the above command doesn't indicate that /dev/log and /jail/apache/dev/log sockets used by syslogd. To fix this problem type the following commands:
# setenforce 0
# service syslog restart
# setenforce 1
# lsof -c syslogd | grep '/dev/'

setenforce command with the 1 option to put SELinux in enforcing mode. Use 0 option to put SELinux in permissive mode. This is used for troubleshooting SELinux problems. You may need to patch /etc/init.d/syslog to fix this problem permanently.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 0 comments… add one now }

Leave a Comment

Tagged as: , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: