Syslog Server mit Ubuntu Natty

Per Default laeuft auf Ubuntu Natty der rsyslog allerdings bevorzuge ich als Syslog Server den syslog-ng.
Die Installation ist eigentlich nicht besonders schwierig aber dennoch gibt es einen kleinen Kniff der bei Ubuntu Natty angewendet werden sollte.

Hier also die kurze Anleitung (alles mit root oder sudo ausfuehren):

Syslog-ng installieren – rsyslog wird damit auch deinstalliert

aptitude install syslog-ng

1	aptitude install syslog-ng

Dann muss in der /etc/syslog-ng/syslog-ng.conf noch eine source, destination und log konfiguriert werden

#udp syslog messages erlauben
source s_network {
        udp();
};

#destination fuer alle Netzwerkmeldungen
destination d_network { file("/var/log/network.log"); };

#source und destination werden zusammen gefuehrt
log {
        source(s_network);
        destination(d_network);
};

#udp syslog messages erlauben

source s_network {

udp();

};

#destination fuer alle Netzwerkmeldungen

destination d_network { file("/var/log/network.log"); };

#source und destination werden zusammen gefuehrt

log {

source(s_network);

destination(d_network);

};

Nicht zu vergessen, das Logfile dann auch zu erstellen

root@neptun:~#touch /var/log/network.log
root@neptun:~#chown root.adm /var/log/network.log
root@neptun:~#chmod 640 /var/log/network.log

root@neptun:~#touch /var/log/network.log

root@neptun:~#chown root.adm /var/log/network.log

root@neptun:~#chmod 640 /var/log/network.log

Die Konfiguration ist zwar sehr basic und koennte natuerlich fuer TCP Meldungen oder DB Anbindung erweitert werden, aber fuer meine Zwecke reicht das vollkommen.

Dann fuegen wir das neue Log auch noch in der /etc/logrotate.conf hinzu, damit es auch schoen verwaltet wird.

/var/log/network.log {
   rotate 7
   weekly
   missingok
   notifempty
   compress
}

/var/log/network.log {

rotate 7

weekly

missingok

notifempty

compress

}

So und jetzt noch eine kleine Besonderheit die derzeit auf Natty zu solchen Meldungen fuehren kann:

Jun 13 08:52:17 neptun kernel: Kernel logging (proc) stopped.
Jun 13 08:52:17 neptun rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1096" x-info="http://www.rsyslog.com"] exiting on signal 15.
Jun 13 08:52:28 neptun syslog-ng[14032]: syslog-ng starting up; version='3.1.3'
Jun 13 08:52:28 neptun kernel: [70042.460413] ------------[ cut here ]------------
Jun 13 08:52:28 neptun kernel: [70042.460430] WARNING: at /build/buildd/linux-2.6.38/kernel/printk.c:288 do_syslog+0xc0/0x550()
Jun 13 08:52:28 neptun kernel: [70042.460437] Hardware name: GA-890FXA-UD5
Jun 13 08:52:28 neptun kernel: [70042.460441] Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated).
Jun 13 08:52:28 neptun kernel: [70042.460446] Modules linked in: nls_iso8859_1 nls_cp437 vfat fat dm_crypt vesafb binfmt_misc snd_hda_codec_hdmi snd_hda_codec_realtek snd_usb_audio snd_usbmidi_lib snd_hda_intel snd_hda_codec snd_hwdep snd_seq_midi nvidia(P) snd_pcm snd_rawmidi snd_seq_midi_event snd_seq ppdev snd_timer snd_seq_device snd serio_raw soundcore xhci_hcd edac_core snd_page_alloc edac_mce_amd k10temp sp5100_tco parport_pc i2c_piix4 lp parport xfs exportfs raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov usbhid hid raid6_pq async_tx raid0 multipath linear raid1 usb_storage firewire_ohci firewire_core uas ahci crc_itu_t pata_jmicron pata_atiixp libahci r8169
Jun 13 08:52:28 neptun kernel: [70042.460557] Pid: 14032, comm: syslog-ng Tainted: P            2.6.38-8-generic #42-Ubuntu
Jun 13 08:52:28 neptun kernel: [70042.460563] Call Trace:
Jun 13 08:52:28 neptun kernel: [70042.460575]  [] ? warn_slowpath_common+0x7f/0xc0
Jun 13 08:52:28 neptun kernel: [70042.460584]  [] ? warn_slowpath_fmt+0x46/0x50
Jun 13 08:52:28 neptun kernel: [70042.460594]  [] ? security_capable+0x29/0x30
Jun 13 08:52:28 neptun kernel: [70042.460603]  [] ? do_syslog+0xc0/0x550
Jun 13 08:52:28 neptun kernel: [70042.460611]  [] ? proc_lookup+0x1b/0x20
Jun 13 08:52:28 neptun kernel: [70042.460619]  [] ? proc_root_lookup+0x27/0x50
Jun 13 08:52:28 neptun kernel: [70042.460628]  [] ? d_alloc_and_lookup+0x45/0x90
Jun 13 08:52:28 neptun kernel: [70042.460636]  [] ? kmsg_open+0x1c/0x20
Jun 13 08:52:28 neptun kernel: [70042.460645]  [] ? proc_reg_open+0xad/0x1a0
Jun 13 08:52:28 neptun kernel: [70042.460653]  [] ? kmsg_release+0x0/0x20
Jun 13 08:52:28 neptun kernel: [70042.460661]  [] ? kmsg_open+0x0/0x20
Jun 13 08:52:28 neptun kernel: [70042.460669]  [] ? proc_reg_open+0x0/0x1a0
Jun 13 08:52:28 neptun kernel: [70042.460677]  [] ? __dentry_open+0xce/0x2f0
Jun 13 08:52:28 neptun kernel: [70042.460684]  [] ? generic_permission+0x23/0xc0
Jun 13 08:52:28 neptun kernel: [70042.460693]  [] ? nameidata_to_filp+0x71/0x80
Jun 13 08:52:28 neptun kernel: [70042.460701]  [] ? finish_open+0xc8/0x1b0
Jun 13 08:52:28 neptun kernel: [70042.460708]  [] ? do_path_lookup+0x87/0x160
Jun 13 08:52:28 neptun kernel: [70042.460716]  [] ? do_filp_open+0x2c8/0x7c0
Jun 13 08:52:28 neptun kernel: [70042.460724]  [] ? d_kill+0xe6/0x140
Jun 13 08:52:28 neptun kernel: [70042.460733]  [] ? __strncpy_from_user+0x27/0x60
Jun 13 08:52:28 neptun kernel: [70042.460742]  [] ? alloc_fd+0xf7/0x150
Jun 13 08:52:28 neptun kernel: [70042.460749]  [] ? do_sys_open+0x6a/0x150
Jun 13 08:52:28 neptun kernel: [70042.460757]  [] ? sys_open+0x20/0x30
Jun 13 08:52:28 neptun kernel: [70042.460764]  [] ? system_call_fastpath+0x16/0x1b
Jun 13 08:52:28 neptun kernel: [70042.460771] ---[ end trace 6f8048fab68c58ed ]---

Jun 13 08:52:17 neptun kernel: Kernel logging (proc) stopped.

Jun 13 08:52:17 neptun rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1096" x-info="http://www.rsyslog.com"] exiting on signal 15.

Jun 13 08:52:28 neptun syslog-ng[14032]: syslog-ng starting up; version='3.1.3'

Jun 13 08:52:28 neptun kernel: [70042.460413] ------------[ cut here ]------------

Jun 13 08:52:28 neptun kernel: [70042.460430] WARNING: at /build/buildd/linux-2.6.38/kernel/printk.c:288 do_syslog+0xc0/0x550()

Jun 13 08:52:28 neptun kernel: [70042.460437] Hardware name: GA-890FXA-UD5

Jun 13 08:52:28 neptun kernel: [70042.460441] Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated).

Jun 13 08:52:28 neptun kernel: [70042.460446] Modules linked in: nls_iso8859_1 nls_cp437 vfat fat dm_crypt vesafb binfmt_misc snd_hda_codec_hdmi snd_hda_codec_realtek snd_usb_audio snd_usbmidi_lib snd_hda_intel snd_hda_codec snd_hwdep snd_seq_midi nvidia(P) snd_pcm snd_rawmidi snd_seq_midi_event snd_seq ppdev snd_timer snd_seq_device snd serio_raw soundcore xhci_hcd edac_core snd_page_alloc edac_mce_amd k10temp sp5100_tco parport_pc i2c_piix4 lp parport xfs exportfs raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov usbhid hid raid6_pq async_tx raid0 multipath linear raid1 usb_storage firewire_ohci firewire_core uas ahci crc_itu_t pata_jmicron pata_atiixp libahci r8169

Jun 13 08:52:28 neptun kernel: [70042.460557] Pid: 14032, comm: syslog-ng Tainted: P 2.6.38-8-generic #42-Ubuntu

Jun 13 08:52:28 neptun kernel: [70042.460563] Call Trace:

Jun 13 08:52:28 neptun kernel: [70042.460575] [] ? warn_slowpath_common+0x7f/0xc0

Jun 13 08:52:28 neptun kernel: [70042.460584] [] ? warn_slowpath_fmt+0x46/0x50

Jun 13 08:52:28 neptun kernel: [70042.460594] [] ? security_capable+0x29/0x30

Jun 13 08:52:28 neptun kernel: [70042.460603] [] ? do_syslog+0xc0/0x550

Jun 13 08:52:28 neptun kernel: [70042.460611] [] ? proc_lookup+0x1b/0x20

Jun 13 08:52:28 neptun kernel: [70042.460619] [] ? proc_root_lookup+0x27/0x50

Jun 13 08:52:28 neptun kernel: [70042.460628] [] ? d_alloc_and_lookup+0x45/0x90

Jun 13 08:52:28 neptun kernel: [70042.460636] [] ? kmsg_open+0x1c/0x20

Jun 13 08:52:28 neptun kernel: [70042.460645] [] ? proc_reg_open+0xad/0x1a0

Jun 13 08:52:28 neptun kernel: [70042.460653] [] ? kmsg_release+0x0/0x20

Jun 13 08:52:28 neptun kernel: [70042.460661] [] ? kmsg_open+0x0/0x20

Jun 13 08:52:28 neptun kernel: [70042.460669] [] ? proc_reg_open+0x0/0x1a0

Jun 13 08:52:28 neptun kernel: [70042.460677] [] ? __dentry_open+0xce/0x2f0

Jun 13 08:52:28 neptun kernel: [70042.460684] [] ? generic_permission+0x23/0xc0

Jun 13 08:52:28 neptun kernel: [70042.460693] [] ? nameidata_to_filp+0x71/0x80

Jun 13 08:52:28 neptun kernel: [70042.460701] [] ? finish_open+0xc8/0x1b0

Jun 13 08:52:28 neptun kernel: [70042.460708] [] ? do_path_lookup+0x87/0x160

Jun 13 08:52:28 neptun kernel: [70042.460716] [] ? do_filp_open+0x2c8/0x7c0

Jun 13 08:52:28 neptun kernel: [70042.460724] [] ? d_kill+0xe6/0x140

Jun 13 08:52:28 neptun kernel: [70042.460733] [] ? __strncpy_from_user+0x27/0x60

Jun 13 08:52:28 neptun kernel: [70042.460742] [] ? alloc_fd+0xf7/0x150

Jun 13 08:52:28 neptun kernel: [70042.460749] [] ? do_sys_open+0x6a/0x150

Jun 13 08:52:28 neptun kernel: [70042.460757] [] ? sys_open+0x20/0x30

Jun 13 08:52:28 neptun kernel: [70042.460764] [] ? system_call_fastpath+0x16/0x1b

Jun 13 08:52:28 neptun kernel: [70042.460771] ---[ end trace 6f8048fab68c58ed ]---

Die Linux Kernel Developer haben sich dazu entschlossen, die Art und Weise wie auf /proc/kmsg zugegriffen werden soll zu veraendern. Ab der syslog-ng Version 3.3 ist das auch kein Thema mehr aber die derzeitige Version (3.1.3) in Natty hat das noch nicht implementiert, weshalb es zu diesen unschoenen Meldungen kommt.
Als kleinen Workaround empfiehlt es sich in /etc/default/syslog-ng folgende Zeile auszukommentieren.

# Command line options to syslog-ng
#SYSLOGNG_OPTS="--no-caps"

1 2	# Command line options to syslog-ng #SYSLOGNG_OPTS="--no-caps"

Syslog Server mit Ubuntu Natty

Neueste Beiträge

Kategorien

Archive

Meta