Linux Syslogd: Nothing Gets Logged Using /dev/log And /jail/apache/dev/log

Posted on in Categories , , , , last updated August 22, 2010

I‘ve configured my Apache in chrooted jail at /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?

By default syslogd daemon is listening to the socket /dev/log. You can verify this using lsof command:
lsof -c syslogd
lsof -c syslogd | grep '/dev/'

Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log

However, you need to set additional sockets from that syslogd has to listen for all chrooted environment. By default you can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Edit /etc/sysconfig/syslog, enter:
# vi /etc/sysconfig/syslog
Now, set /jail/apache/dev/log along with default /dev/null syslogd daemon socket path:

SYSLOGD_OPTIONS="-m 0 -a /jail/apache/dev/log"

Save and close the file. Now, restart the syslogd:
# service syslog restart
Make sure your syslogd daemon is listening to the socket /dev/log and /jail/apache/dev/log, enter:
# lsof -c syslogd | grep '/dev/'
Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log
syslogd 38944 root    7u  unix 0xffff8103215b1100           28951980 /jail/apache/dev/log

SELinux Problem

When you restart syslogd and nothing is working as it should be, than SELinux may causing the problem. You will notice that the above command doesn’t indicate that /dev/log and /jail/apache/dev/log sockets used by syslogd. To fix this problem type the following commands:
# setenforce 0
# service syslog restart
# setenforce 1
# lsof -c syslogd | grep '/dev/'

setenforce command with the 1 option to put SELinux in enforcing mode. Use 0 option to put SELinux in permissive mode. This is used for troubleshooting SELinux problems. You may need to patch /etc/init.d/syslog to fix this problem permanently.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

1 comment

  1. On the SELinux issue, If you set the SELinux context for the file then you should be good to go.

    semanage fcontext -a -t devlog_t /path/to/logsocket
    restorecon -Fv /path/to/log/socket

Leave a Comment