Timeline for SELinux causing issue with syslog-ng
Current License: CC BY-SA 4.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 17 at 12:48 | comment | added | user3271408 |
Update: I made the syslogd_t type permissive and left SELinux in enforcing mode. This immediately allowed the system to write to my syslog directory as I wanted it to. I know that's not ideal, but I figure absent any logs, having one service in permissive mode and the rest of the system enforcing is better than the whole system in permissive mode.
|
|
| Oct 16 at 4:45 | comment | added | Ivan Chau | To check if $HOST has value in this configuration, simple use as filename like messages_$HOST to see if this filename shows $HOST value | |
| Oct 16 at 4:43 | comment | added | Ivan Chau |
Can you try semanage command, then chcon -Rv -t var_log_t '/data/logs(/.*)?', then restorecon? Check if -u is needed for chcon
|
|
| Oct 14 at 16:33 | comment | added | user3271408 |
I set the ${HOST} variable with export HOST=$HOSTNAME. Checked that the ${HOST} variable showed as set and it did. I enforced SEL with setenforce=1 and waited five minutes. The problem remained. I'm not sure if my method of setting the $HOST variable would apply or be used by the syslog process though.
|
|
| Oct 14 at 15:39 | comment | added | user3271408 | Maybe with SEL disabled, the system figures out the Hostname even without the variable. But SEL enabled doesn’t allow that process to occur? I’ll try setting that variable and see if that changes anything. | |
| Oct 14 at 15:35 | comment | added | user3271408 |
@IvanChau I had to look up how to check a variable. I used this method: if [ -z ${var+x} ]; then echo "var is unset"; else echo "var is set to '$var'"; fi. That showed that the variable is not set. I can see (obviously) how that could be a problem. But if the syslog config works even so, then I’m not sure what to make of it. Apologies if my formatting isn’t correct here, I’m working off a phone right now.
|
|
| Oct 13 at 13:33 | comment | added | user3271408 |
Yes, I can check that tomorrow. However, I thought that if I change setenforce 0 and it immediately starts writing to the /data/logs/localserver/ directory, and it stops writing when I change it to setenforce 1, that is a clear indication that the problem is SELinux. Am I mistaken on that?
|
|
| Oct 13 at 10:13 | comment | added | Ivan Chau | Can you check if ${HOST} variable return anything, NOT empty? | |
| Oct 13 at 6:00 | answer | added | Janos Szigetvari | timeline score: 1 | |
| Oct 12 at 12:09 | comment | added | user3271408 |
/var/log/messages and /var/log/audit/audit.log both continue to write logs. Just not at /data/logs/localserver.
|
|
| Oct 11 at 20:34 | comment | added | Hauke Laging |
But even after that, logs still stop writing to /data/logs/localserver. Did the audit log entries change?
|
|
| S Oct 10 at 16:03 | review | First questions | |||
| Oct 10 at 16:08 | |||||
| S Oct 10 at 16:03 | history | asked | user3271408 | CC BY-SA 4.0 |