syslogd server

I run a syslog server. I have a FreeBSD jail that runs syslogd; it's configured to send to the syslog server, but no traffic is sent by the jail's syslogd. The jail's host machine's syslogd sends to the remote just fine. I have removed the -s option from the syslogd startup flags, and syslog.conf is configured exactly as all the other working syslogd clients. Is there some limitation in the jail that's preventing the jail's syslogd from sending to the remote? The networking part of the jail works fine, no firewall.
 
Hmmm, it seems my loghost line at the bottom was the reason it didn't work. I moved it further up the file, and now it's working.
 
Syslogd makes use of Unix IPCs, which are not jail safe. By default, jailed processes are not allowed to make any use of IPCs at all. You can change this behavior with the sysctl option:

security.jail.socket_unixiproute_only

By default it is set to 1; setting it to 0 will allow all jailed processes to make use of all IPCs on the machine, including ones owned by other jails and the host system, as the all-or-nothing approach is as much as the jail code in the kernel knows how to do. So, you really defeat the purpose of jails when you change the stock behavior.

chroot is significantly weaker than jail, but is probably a more appropriate way to segregate syslogd from the host OS.
 