[Pdns-users] Alternative way to log in pdns_recursor when OS holds Syslog hostage

Nick Williams nicholas at nicholaswilliams.net
Sat Nov 4 05:22:25 UTC 2017


So, I made some progress with disabling the Busybox syslog server (can’t remove it completely without removing Busybox, but I can disable it) and replacing it with syslog-ng (which I really like, BTW), but I’m experiencing some odd behavior with PDNS (only) writing to syslog:

If I start `/usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog=no` manually from the command prompt (as root), it logs to syslog-ng perfectly. If I start it with `systemctl start pdns-recursor`, it does not log to syslog-ng no matter what I do. (I started syslog-ng in debug+verbose mode to be sure, and there are simply no messages being delivered into /dev/log from PDNS.) My first assumption was that this must be a permissions issue, but a quick check disproves that theory. First, /dev/log is world-writable already:

# ls -al /dev/log
srw-rw-rw- 1 root root 0 Nov  3 23:56 /dev/log

Second, FreeRADIUS is also running as non-root started with `systemctl start freeradius`, but FreeRADIUS is logging to Syslog just fine with no issues:

# ps axu|grep -P "(syslog|radius)"
root      2524  0.0  0.1   8428  3276 ?        Ss   Nov03   0:00 /usr/sbin/syslog-ng -dv
pdns      2541  1.9  0.4  42276  9640 ?        Ssl  Nov03   0:08 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog=no
freerad   2612  0.0  0.1  49672  3892 ?        Ssl  00:05   0:00 /usr/sbin/freeradius
root      2620  0.0  0.0   2648   544 pts/1    S+   00:06   0:00 grep -P (syslog|radius)

I am not having any other problems getting any other applications to log to syslog-ng. It’s just PDNS (Recursor … I’m not using Authoritative).

:-/ :-/ :-/ 

Thoughts?

> On Nov 3, 2017, at 3:26 AM, Brian Candler <b.candler at pobox.com> wrote:
> 
> On 02/11/2017 23:09, Nicholas Williams wrote:
>> - Log to host:port
> 
> You could install a "real" syslog server like syslog-ng or rsyslog, listening on a different port (say 127.0.0.1:5140), and tell your Busybox syslog to forward to that.  Then you can do filtering based on facility and level (e.g. set logging-facility=3 to log to facility "local3")
> 
> It might be better simply to disable the Busybox syslog server (if you can find where it's enabled in startup scripts) and run just the real one instead.
> 
> Another option is to forward all your logs to another host anyway, to avoid wear on the flash of your tiny host.


