If you are using the Hacking Networked Solutions patch-set for Gentoo Linux then the installation files for the app-admin/syslog-ng package will have been modified automatically to perform some of the configuration actions mentioned in this guide such as creating users and groups. To this end the ebuild for the app-admin/syslog-ng package will have been modified as shown below.
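# Patched: the pidfile directory moves from /var/run to /var/run/syslog-ng,
# which pkg_preinst below creates writable by the syslog user and group.
src_configure() {
    ...
    --disable-dependency-tracking \
    --sysconfdir=/etc/syslog-ng \
    --with-pidfile-dir=/var/run/syslog-ng \
    $(use_enable caps linux-caps) \
    ...
}
...
pkg_preinst() {
    # Create the syslog group and user (id 514) and let root read the logs
    enewgroup syslog 514
    enewuser syslog 514 -1 -1 "syslog,tty"
    gpasswd -a root syslog
    # Pidfile directory writable by the unprivileged daemon
    keepdir /var/run/syslog-ng
    fperms 0770 /var/run/syslog-ng
    fowners syslog:syslog /var/run/syslog-ng
}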
pkg_postinst() {
...
Before we install any packages we should ensure that the correct use-flags are specified so that all required functionality is made available and unnecessary functionality is not included. The app-admin/syslog-ng package has only two use-flags of interest to us during the installation, and only if we are installing a log server to receive log messages from other hosts over the network or we intend to log to a database server. The tcpd use-flag adds support for TCP wrappers, which can be used to control remote access to the log service, while the sql use-flag adds support for sending log messages to a variety of SQL databases. If you intend to use the functionality provided by either of these use-flags you should add a package-specific entry to /etc/portage/package.use before performing the installation.
Once you are confident that the correct use-flags are set for the app-admin/syslog-ng package, and any dependencies it may require, you can proceed with the installation by issuing the emerge command shown below.
As we may wish to provide access to the log files to users other than root or run automated log analysis software, it would be a good idea to configure the logger to create files using an appropriate user and group with permissions suited to this end.
If you are using the patched version of the app-admin/syslog-ng package described above then the syslog group and user will have already been created for you. If you are using the vanilla app-admin/syslog-ng package you will need to create the syslog group and user yourself.
The commands below will create a new user called syslog and a new group, also called syslog, with a group-id and a user-id of 514. The new user will not have any home directory or shell access.
As we are going to configure the syslog-ng daemon to create files and directories which can only be written to by the syslog user and read from by any member of the syslog group, it is probably a good idea to give the root user read access to the logs by making root a member of the syslog group. This can be achieved with the following command.
If you are using the patched version of the app-admin/syslog-ng package described above then the init script will have already been modified for you to use the new configuration file format which we will be describing below. If you are using the vanilla app-admin/syslog-ng package you will need to make the following modifications to the /etc/init.d/syslog-ng script.
checkconfig() {
    ...
    # Ensure that /proc/kmsg is owned by syslog user
    [[ $(stat -c %U /proc/kmsg) == "${SYSLOG_NG_USER}" ]] || chown "${SYSLOG_NG_USER}" /proc/kmsg
    [ $? -eq 0 ] || eend $? "Unable to change ownership of /proc/kmsg"
}
start() {
    checkconfig || return 1
    ebegin "Starting syslog-ng"
    # The line below replaces these two lines of the original script:
    #   [ -n "${SYSLOG_NG_OPTS}" ] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}"
    #   start-stop-daemon --start --pidfile /var/run/syslog-ng.pid --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS}
    start-stop-daemon --start --pidfile /var/run/syslog-ng/syslog-ng.pid --exec /usr/sbin/syslog-ng -- -u ${SYSLOG_NG_USER} -g ${SYSLOG_NG_GROUP} ${SYSLOG_NG_OPTS}
    eend $? "Failed to start syslog-ng"
}
You can now modify the /etc/conf.d/syslog-ng configuration file which will be read by the init script during startup. The following code will cause the syslog-ng daemon to switch to the syslog user and the syslog group.
# User and group settings
SYSLOG_NG_USER="syslog"
SYSLOG_NG_GROUP="syslog"
# Put any additional options for syslog-ng here.
# See syslog-ng(8) for more information.
SYSLOG_NG_OPTS=""
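One way to check the result of the steps above, as an added example that is not part of the original guide or the patch-set. The function names (fail, audit_accounts, audit_piddir) are hypothetical; the expected values (user and group id 514, root in the syslog group, /var/run/syslog-ng mode 0770 owned by syslog:syslog) are the ones this guide sets.

```shell
#!/bin/sh
# Added example (not from the guide): audit the unprivileged syslog-ng setup.
# Function names are hypothetical; file paths are parameters so the checks
# can also be run against copies of the account files.

fail() { echo "FAIL: $*"; FAILS=$((FAILS + 1)); }

# audit_accounts [PASSWD] [GROUP]
# User syslog: uid 514, gid 514, no login shell. Group syslog: gid 514 with
# root as a member. Returns the number of failed checks.
audit_accounts() {
    passwd_file=${1:-/etc/passwd}; group_file=${2:-/etc/group}; FAILS=0
    if entry=$(grep '^syslog:' "$passwd_file"); then
        [ "$(echo "$entry" | cut -d: -f3)" = 514 ] || fail "syslog uid is not 514"
        [ "$(echo "$entry" | cut -d: -f4)" = 514 ] || fail "syslog primary gid is not 514"
        case $(echo "$entry" | cut -d: -f7) in
            */nologin|*/false) ;;
            *) fail "syslog has a login shell" ;;
        esac
    else
        fail "user syslog missing from $passwd_file"
    fi
    if entry=$(grep '^syslog:' "$group_file"); then
        [ "$(echo "$entry" | cut -d: -f3)" = 514 ] || fail "group syslog gid is not 514"
        case ",$(echo "$entry" | cut -d: -f4)," in
            *,root,*) ;;
            *) fail "root is not a member of group syslog" ;;
        esac
    else
        fail "group syslog missing from $group_file"
    fi
    return "$FAILS"
}

# audit_piddir [DIR] [OWNER:GROUP]
# The pidfile directory must be mode 0770 and owned by syslog:syslog so the
# daemon can write its pidfile after dropping privileges.
audit_piddir() {
    dir=${1:-/var/run/syslog-ng}; owner=${2:-syslog:syslog}; FAILS=0
    [ -d "$dir" ] || { fail "$dir is missing"; return "$FAILS"; }
    [ "$(stat -c %a "$dir")" = 770 ] || fail "$dir mode is not 0770"
    [ "$(stat -c %U:%G "$dir")" = "$owner" ] || fail "$dir is not owned by $owner"
    return "$FAILS"
}
```

After sourcing the file, running audit_accounts and audit_piddir with no arguments checks the live /etc/passwd, /etc/group and /var/run/syslog-ng; each prints one FAIL line per problem and returns the number of failures.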
The installation of the syslog-ng daemon is now complete. In the next section we shall cover the configuration of log sources, filters, destinations, and the mappings between them which make it all work.