Packetwatch.net

Syslog-ng in OpenBSD 3.6



Last modified: Jul. 26, 2008

Contents
1 - Summary
2 - Syslog-ng Installation
3 - Service Configuration
4 - Service Check


1 - Summary

This little guide will show you how to install syslog-ng in OpenBSD 3.6. For
this guide to work you will need to be running OpenBSD 3.6.


2 - Syslog-ng Installation

Download the newest syslog-ng package from the OpenBSD ftp site. The newest
version is 1.6.4. Now, install syslog-ng.

# sudo pkg_add syslog-ng-1.6.4.tgz
# sudo mkdir /etc/syslog-ng
# cd /usr/local/share/examples/syslog-ng
# sudo cp syslog-ng.conf.sample /etc/syslog-ng/syslog-ng.conf


3 - Service Configuration

Edit the /etc/rc network script so that syslog-ng will start when the system
starts up and not syslog.

# sudo vi /etc/rc

	Comment out the following lines:

		syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
		syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"

	Delete the following line:

		syslogd ${syslogd_flags}

	Add the following right where you deleted the previous line:

		if [ X"${syslog_ng}" == X"YES" ]; then
			/usr/local/sbin/syslog-ng ${syslog_ng_flags}
		fi

Configure /etc/rc.conf, so the syslog-ng service will start at boot time.

# sudo vi /etc/rc.conf

	Somewhere in the file add the following:

		syslog_ng=YES
		syslog_ng_flags="-p /var/run/syslog-ng.pid"

You can now create your own syslog-ng.conf file if you like. You can use the
following for your source.

source local { internal(); pipe("/dev/klog" log_prefix("kernel: ")); unix-dgram("/dev/log"); };

# sudo cp /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.original
# sudo vi /etc/syslog-ng/syslog-ng.conf

Stop the syslog service, and start the syslog-ng service.

# sudo kill -9 `cat /var/run/syslogd.pid`
# sudo /usr/local/sbin/syslog-ng -p /var/run/syslog-ng.pid


4 - Service Check

Reboot your computer. Log in like normal, and check to see that the syslog
service isn't running and the syslog-ng service is running. That's it, now you
have syslog-ng running on OpenBSD 3.6.

# sudo cat /var/run/syslog-ng.pid


Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2017.