Syslog fails to open /dev/log. Nothing gets logged.

From MyWiki

Revision as of 14:54, 22 October 2008 by Admin (Talk | contribs)

Running RedHat ES 4 at $WORK and found out that syslog stopped logging and all of the iptables LOG output gets redirected to the console instead of going to a file located in /var/log.

[root@server]# netstat -anp | grep sys
unix  2      [ ACC ]     STREAM     LISTENING     8294   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     8350   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket

Started to dig and found a strange thing: when restarting syslogd using the /etc/init.d/syslog script, nothing works as it should (i.e. syslog doesn't bind to the unix socket and doesn't grab /dev/log from minilogd). But if I start it 'manually' by running /sbin/syslogd <whatever the options> from the command line, everything works.

Googled left and right and nothing useful popped up. Then I thought of selinux (my usual suspect these days), and after disabling it, restarting syslogd with /etc/init.d/syslog restart, and enabling selinux again, everything is back to normal.

[root@server]# netstat -anp | grep sys
unix  3      [ ]         DGRAM                    23061  8799/syslogd        /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     8294   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     8350   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket

Now I wonder why I need to do it like that, and where that little bug is sitting.

So, the solution was:

[root@server]# echo 0 >/selinux/enforce
[root@server]# /etc/init.d/syslog restart
[root@server]# echo 1 >/selinux/enforce
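
The difference between the two netstat listings above can be checked mechanically, so that silently broken logging is noticed. The script below is an added example, not part of the original note: it reads `netstat -anp` output and reports which program holds /dev/log. The function names and the minilogd sample line (its PID and inode) are constructed for illustration; the other sample lines are copied from the listings above.

```shell
#!/bin/sh
# Added example: report which program is bound to /dev/log.

# Print the program holding /dev/log, given `netstat -anp` output on stdin.
# Exit status 1 if no socket is bound there.
devlog_owner() {
    awk '
        $1 == "unix" && $NF == "/dev/log" {
            n = split($(NF-1), pp, "/")   # PID/Program column, "-" if not root
            print (n == 2 ? pp[2] : "unknown")
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Returns 0 if syslogd owns /dev/log, 1 if something else does, 2 if nothing does.
check_syslog_socket() {
    owner=$(devlog_owner) || { echo "FAIL: nothing is bound to /dev/log"; return 2; }
    case "$owner" in
        syslogd) echo "OK: syslogd owns /dev/log"; return 0 ;;
        *)       echo "WARN: /dev/log is held by $owner, not syslogd"; return 1 ;;
    esac
}

# Sample input: the broken and fixed listings from this page.
sample_broken() {
cat <<'EOF'
unix  2      [ ACC ]     STREAM     LISTENING     8294   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     8350   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket
EOF
}
sample_fixed() {
cat <<'EOF'
unix  3      [ ]         DGRAM                    23061  8799/syslogd        /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     8294   3579/dbus-daemon-1  /var/run/dbus/system_bus_socket
EOF
}
# Constructed line: minilogd still holding the socket (PID and inode invented).
sample_minilogd() {
    echo 'unix  2      [ ]         DGRAM                    1234   567/minilogd        /dev/log'
}

sample_broken | check_syslog_socket || true
sample_fixed  | check_syslog_socket
```

On a live host, run `netstat -anp | check_syslog_socket` as root so the PID/Program column is populated.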