if nothing is running inside the chroot environment, why do you think you need
to setup mysql inside chroot?
if you want to do so for some other reason, fine. But if you think that you need
to because something else is running inside chroot, you are incorrect.
if rsyslog is outside of the chroot, then completely forget that you have chroot
anywhere on the system and get rsyslog logging to MySQL normally.
Then as a separate thing, work on gathering the logs from inside the chroot.
David Lang
On Wed, 27 Jul 2016, lai wrote:
Date: Wed, 27 Jul 2016 09:12:03 -0600
From: lai <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Writing rsyslog message to MySQL in Changeroot
Environment
Hi, David:
Well, the rsyslog is setup to write to the MySQL database via its ommysql
module.
Yes, nothing is running inside the chroot environment.
Yes, I had to create a /chroot/dev/log device for rsyslog to write to
/var/log/sftp.log
I don't think I need a mysql.sock as I am writing to a remote DB. I think
I will need to setup a mysql environment inside chroot for ommysql to
write to the DB...
Hmm...anyone had done this b4? I was hoping to keep things simple and not
have to create another "Centos" inside chroot...
I really appreciate your help...thx!
Tim
On Tue, July 26, 2016 5:48 pm, David Lang wrote:
If neither MySQL or Rsyslog are in the chroot, and you are successfully
getting some logs into MySQL, then this issue has nothing to do with
libraries or MySQL
when you say you are not getting chroot user logs into the database, what
is it that would generate the logs?
if it's the sftp server, then you need to look at it's configuration. Is
it running inside the chroot with no ability to write to /dev/log outside
the chroot?
if so, can it write to /dev/log inside the chroot?
if so, the answer is to create an additional uxsock inside the chroot in
the rsyslog config.
David Lang
On Tue, 26 Jul 2016, lai wrote:
Hi, David:
Thx for the reply!
Neither is in the chroot environment. I have setup chroot only for sftp
users in the sshd_config file. So I figured ommysql wasn't logging
sftp users must have to do with some missing mysql libraries, as it does
log non-sftp users.
I guess I am just not sure on which mysql libraries that are needed. I
had found doc on setting up /chroot/dev/log device so chroot user can
write to the log file, but I have not found any documentations for the
case of writing to mysql.
Currently, I have a sftp server accepting users' uploads in a chroot
environment, and I would like to log the sftp events to our mysql
database.
Thanks so much for your help!
Tim
On Tue, July 26, 2016 3:58 pm, David Lang wrote:
is rsyslog in the chroot, or is mysql in the chroot?
if rsyslog is in the chroot, then it needs the mysql libraries
available to it (which should be specified by your package
dependencies)
but things working for some users and not for other users doesn't
make sense, rsyslog doesn't know what a user is.
David Lang
On Tue, 26 Jul 2016, lai wrote:
Date: Tue, 26 Jul 2016 15:19:07 -0600
From: lai <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] ***SPAM*** Writing rsyslog message to MySQL
in Changeroot Environment
Ah...still stuck...
So I am certain that the issue has to do with the chroot setting as
rsyslog is not able to log event to MySQL. I know to write to a
log file in a chroot environment I would need to setup the
/home/user/dev/log
in the chroot environment. I guess my question is what rsyslogd
needs in the chroot environment for the ommysql module to work?
I really, really would appreciate any info that you have and your
help! Thx so much!
Tim
On Mon, July 25, 2016 2:42 pm, lai wrote:
Hello:
I had setup rsyslog message writing to MySQL working; however, it
is not writing for some users in the changeroot environment. My
guess would be it has to do with the user's access permission.
So does anyone have any info on user access permission settings
when using the ommysql module? The user in question has a nologin
and a limited dir access permissions (/home/user is owned by root
and it owns /home/user/uploads dir).
Thanks so much for your help!
Tim
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
