syslog-ng FAQ chroot

Summary

This article describes how syslog-ng can be used in a chroot environment.

Running syslog-ng chrooted

Start syslog-ng using the ''--chroot'' command-line parameter. For example: '''syslog-ng --chroot /var/chroot'''.

Before v3.0

The syslog-ng application initializes its configuration before changing the root (e.g., the local UNIX domain socket ''/dev/log'' is opened before chrooting).

Note that it is not possible to reload the syslog-ng configuration after chrooting, so you need to restart syslog-ng instead, or bind-mount the ''/dev'' directory into the chroot.

From v3.0

The syslog-ng application first changes the root, and only afterward initializes its configuration file and opens files.

Read logs from chroot environment

You can add log sources to the configuration of a syslog-ng instance running outside the chroot that point to the ''/dev/log'' socket inside each chroot.

<pre>
source local { unix-stream("/dev/log"); internal(); };
source jail1 { unix-stream("/jail/dns/dev/log"); };
source jail2 { unix-stream("/jail/www/dev/log"); };
</pre>

You can also do this using a single source:

<pre>
source local {
    unix-stream("/dev/log");
    internal();
    unix-stream("/jail/dns/dev/log");
};
</pre>

Note that postfix appears to need a log socket in its chroot jail, or its logging will stop when you reload syslog-ng:

<pre>
source postfix { unix-stream("/var/spool/postfix/dev/log" keep-alive(yes)); };
</pre>
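
A check you might run after a restart or reload, added here as an example and not part of the original FAQ: it lists every unix-stream() and unix-dgram() path declared in a syslog-ng configuration (the jail sources and the postfix source above included) and reports the ones that are not live sockets. The function names and the configuration path passed as the first argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page.
# Usage (hypothetical script name): check-log-sockets.sh /path/to/syslog-ng.conf

# Print one socket path per line for every unix-stream()/unix-dgram()
# driver found in the configuration file given as $1.
list_log_sockets() {
    # Drop "#" comments first so commented-out sources are ignored
    # (assumes no socket path contains a "#").
    sed 's/#.*//' "$1" |
        grep -oE 'unix-(stream|dgram)[[:space:]]*\([[:space:]]*"[^"]+"' |
        sed -E 's/^[^"]*"([^"]+)"$/\1/'
}

# Report each declared path that is missing or is not a socket.
# Returns 0 when every path is a socket, 1 otherwise.
check_log_sockets() {
    list_log_sockets "$1" | (
        missing=0
        while IFS= read -r path; do
            # -S is true only for an existing UNIX domain socket.
            [ -S "$path" ] && continue
            echo "not a socket: $path"
            missing=1
        done
        exit "$missing"
    )
}

# Run the check only when a configuration file was given on the command line.
if [ "$#" -gt 0 ]; then
    check_log_sockets "$1"
fi
```

A path reported here means a chrooted service has no socket to log to, which is the situation the postfix note describes.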