A new version of syslog-ng was released during the weekend, version 3.3.1. As it has some major changes (http://git.balabit.hu/?p=bazsi/syslog-ng-3.3.git;a=blob_plain;f=NEWS;hb=HEAD), like changing from a single thread to multithreading, it is still only available from sysutils/syslog-ng-devel. It is already in production on many Linux servers, and works fine on my low traffic FreeBSD machine, but I did not receive feedback yet from the FreeBSD community.

So please test it and let me know any positive/negative experiences you have!

--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/

Dear Peter,

I've installed sysutils/syslog-ng version 3.3.4 without SSL support (because it's marked as broken). I made no changes to the sample config or to the startup script. Furthermore I disabled syslogd and killed it.

I get the following error, if I start syslog-ng:


syslog# /usr/local/etc/rc.d/syslog-ng start
Starting syslog_ng.
Error creating persistent state file; filename='/var/db/syslog-ng.persist-', error='Permission denied (13)'
/usr/local/etc/rc.d/syslog-ng: WARNING: failed to start syslog_ng


Do you have a tip to solve this problem? What does the hyphen at the end of filename='/var/db/syslog-ng.persist-'
?

Thanks in advance.

Thank you for testing syslog-ng.

SSL: it is not marked as broken. The only situation, when make config gives an error message is when both SSL options are selected, as those are mutually exclusive.

The persist file: persistent information, like position information for input log files is stored there, so files are not re-read from the beginning on a restart. The one with the hyphen is a backup file, which is created on startup.

Permission denied: this problem does not come up for me. Did you change anything in the configuration and/or start options?

On Linux AppArmor (access control) rules caused similar, when the file name with hyphen was introduced, as the profile for syslog-ng did not contain information about it. But on FreeBSD I'm not aware of such technologies.

--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/

It is likely that you added in your rc.conf:

syslog_ng_config="-u daemon"

This is setting syslog_ng to run as the daemon user. The daemon user is in the wheel group which does not have write permissions to /var/db/.

You can fix this by
chmod g+w /var/db
chmod g+w /var/run/log
chmod g+w /dev/klog