[Pdns-users] Alternative way to log in pdns_recursor when OS holds Syslog hostage
nicholas at nicholaswilliams.net
Sat Nov 4 05:22:25 UTC 2017
So, I made some progress with disabling the Busybox syslog server (can’t remove it completely without removing Busybox, but I can disable it) and replacing it with syslog-ng (which I really like, BTW), but I’m experiencing some odd behavior with PDNS (only) writing to syslog:
If I start `/usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog=no` manually from the command prompt (as root), it logs to syslog-ng perfectly. If I start it with `systemctl start pdns-recursor`, it does not log to syslog-ng no matter what I do. (I started syslog-ng in debug+verbose mode to be sure, and there are simply no messages being delivered into /dev/log from PDNS.) My first assumption was that this must be a permissions issue, but a quick check disproves that theory. First, /dev/log is world-writable already:
# ls -al /dev/log
srw-rw-rw- 1 root root 0 Nov 3 23:56 /dev/log
Second, FreeRADIUS is also running as non-root started with `systemctl start freeradius`, but FreeRADIUS is logging to Syslog just fine with no issues:
# ps axu|grep -P "(syslog|radius)"
root 2524 0.0 0.1 8428 3276 ? Ss Nov03 0:00 /usr/sbin/syslog-ng -dv
pdns 2541 1.9 0.4 42276 9640 ? Ssl Nov03 0:08 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog=no
freerad 2612 0.0 0.1 49672 3892 ? Ssl 00:05 0:00 /usr/sbin/freeradius
root 2620 0.0 0.0 2648 544 pts/1 S+ 00:06 0:00 grep -P (syslog|radius)
I am not having any other problems getting any other applications to log to syslog-ng. It’s just PDNS (Recursor … I’m not using Authoritative).
:-/ :-/ :-/
> On Nov 3, 2017, at 3:26 AM, Brian Candler <b.candler at pobox.com> wrote:
> On 02/11/2017 23:09, Nicholas Williams wrote:
>> - Log to host:port
> You could install a "real" syslog server like syslog-ng or rsyslog, listening on a different port (say 127.0.0.1:5140), and tell your Busybox syslog to forward to that. Then you can do filtering based on facility and level (e.g. set logging-facility=3 to log to facility "local3").
> It might be better simply to disable the Busybox syslog server (if you can find where it's enabled in startup scripts) and run just the real one instead.
> Another option is to forward all your logs to another host anyway, to avoid wear on the flash of your tiny host.