Ubuntu
rsyslog package

  1. Bug #388608
  2. Comment #10

Comment 10 for bug 388608

Revision history for this message
In , Rgerhards-j (rgerhards-j) wrote :

Currently, rsyslog can not read the kernel log once it has dropped privileges.

There has been an interesting note on the Ubuntu bug tracker [1] which recommends using linux capabilities and CAP_SYS_ADMIN in particular. Thanks to Michael Biebl for making me aware of that posting. I've dug a bit and found a good entry article [2] that convinced me this is a good solution. I just don't have the time to do it now, but hopefully within the next two month.

[1] https://bugs.launchpad.net/rsyslog/+bug/388608/comments/9
[2] http://www.linuxjournal.com/article/5737