Comment 4 for bug 701671

Gordon Reyburn (greyburn) wrote :

I got this working by doing the following:

1) As the OP said, "Change the option owner("root") to owner("syslog") in the file /etc/syslog-ng/syslog-ng.conf distributed as part of the package.". Not sure this actually does anything, certainly doesn't start the process as "syslog" but it may be used for writing files.

2) Change the SYSLOGNG_OPTS="" in /etc/init.d/syslog-ng to read : SYSLOGNG_OPTS="-u syslog -g adm"

3) Change the pid location specified in /etc/init.d/syslog-ng FROM /var/run/ TO /var/run/syslog-ng/

4) /var/run/syslog-ng/ was already created by the syslog-ng package, which is a little odd given the default config doesn't use it. You will need to fix the permissions of this dir so the syslog user can write to it. 'chown syslog:adm /var/run/syslog-ng'

5) make sure all log files referenced by your syslog-ng config (/etc/syslog-ng/syslog-ng.conf) are owned by syslog:adm. Do not chown the whole directory or you will have problems.

5) restart syslog-ng

6) sleep better knowing syslog is no longer running as root :)