Packetwatch.net

Syslog-ng 2 in Sun Solaris 9



Last modified: Aug. 4, 2008

Contents
1 - Summary
2 - Dependencies
3 - Syslog-ng installation
4 - Service configuration
5 - Service check


1 - Summary

This little guide will show you how to install syslog-ng 2 in Sun Solaris 9.
The packages are found at http://www.sunfreeware.com/. For this guide to
work you will need to be running Sun Solaris 9.


2 - Dependencies

You will need the following packages installed as dependencies. The
dependencies need to be installed in the following order.
# gunzip libiconv-1.11-sol9-sparc-local.gz
# gunzip glib-2.14.1-sol9-sparc-local.gz
# gunzip eventlog-0.2.5-sol9-sparc-local.gz
# sudo pkgadd -d libiconv-1.11-sol9-sparc-local
# sudo pkgadd -d glib-2.14.1-sol9-sparc-local
# sudo pkgadd -d eventlog-0.2.5-sol9-sparc-local


3 - Syslog-ng installation

Install the syslog-ng2 package.
# gunzip syslogng-2.0.5-sol9-sparc-local.gz
# pkgadd -d syslogng-2.0.5-sol9-sparc-local


4 - Service configuration

Find where the syslog-ng.conf file should be put.
# sudo strings /usr/local/sbin/syslog-ng | grep syslog-ng.conf
  -f , --cfgfile=    Set config file name, default=/usr/local/etc/syslog-ng.conf
/usr/local/etc/syslog-ng.conf

Copy the sample Sun Solaris config file.
# cd /usr/local/doc/syslogng/doc/examples
# sudo cp syslog-ng.conf.solaris /usr/local/etc/syslog-ng.conf
# sudo chown root:root /usr/local/etc/syslog-ng.conf
# sudo chmod 644 /usr/local/etc/syslog-ng.conf

Copy the init.d script to the correct location and change the file ownership
and permissions on the file to be executable. Edit it to have the following.
Make the following symbolic links to the init.d script.

  OPTIONS="-f /usr/local/etc/syslog-ng.conf"
  if [ -f /usr/local/etc/syslog-ng.conf -a -f /usr/local/sbin/syslog-ng ]; then
  $DAEMON $OPTIONS -p /var/run/syslog-ng.pid
  if [ -f /var/run/syslog-ng.pid ]; then
  syspid=`/usr/bin/cat /var/run/syslog-ng.pid`
  [ "$syspid" -gt 0 ] && kill -15 $syspid && rm /var/run/syslog-ng.pid

# cd /usr/local/doc/syslogng/contrib
# sudo cp init.d.solaris /etc/init.d/syslog-ng
# sudo chown root:sys /etc/init.d/syslog-ng
# sudo chmod u+x /etc/init.d/syslog-ng
# sudo vi /etc/init.d/syslog-ng
# sudo ls -1 /etc/rc*.d/***syslog
/etc/rc0.d/K40syslog
/etc/rc1.d/K40syslog
/etc/rc2.d/S74syslog
/etc/rcS.d/K40syslog
# sudo cp /etc/init.d/syslog-ng /etc/rc0.d/K40syslog-ng
# sudo cp /etc/init.d/syslog-ng /etc/rc1.d/K40syslog-ng
# sudo cp /etc/init.d/syslog-ng /etc/rc2.d/S74syslog-ng
# sudo cp /etc/init.d/syslog-ng /etc/rcS.d/K40syslog-ng
# sudo chown root:sys /etc/rc0.d/K40syslog-ng
# sudo chown root:sys /etc/rc1.d/K40syslog-ng
# sudo chown root:sys /etc/rc2.d/S74syslog-ng
# sudo chown root:sys /etc/rcS.d/K40syslog-ng

You can now create your own syslog-ng.conf file if you like. You can use the
following for your source. Check the correctness of the configuration file.

  source local { internal(); sun-streams("/dev/log" door("/etc/.syslog_door")); };

# sudo cp /usr/local/etc/syslog-ng.conf /usr/local/etc/syslog-ng.conf.original
# sudo vi /usr/local/etc/syslog-ng.conf
# sudo /usr/local/sbin/syslog-ng -v -s -f /usr/local/etc/syslog-ng.conf

Stop the syslog service then move the init.d files. Also modify
/etc/logadm.conf to have the following.

  /var/log/syslog -C 8 -P 'Sun Oct 14 08:10:00 2007' -a 'kill -HUP `cat /var/run/syslog-ng.pid`'
  /var/adm/messages -C 4 -P 'Sun Oct 14 08:10:00 2007' -a 'kill -HUP `cat /var/run/syslog-ng.pid`'

# sudo /etc/init.d/syslog stop
# sudo rm -f /etc/syslog.pid
# sudo rm -f /var/run/syslog.pid
# sudo mkdir -p /root/backups
# sudo mkdir /root/backups/init.d
# sudo mkdir /root/backups/rc0.d
# sudo mkdir /root/backups/rc1.d
# sudo mkdir /root/backups/rc2.d
# sudo mkdir /root/backups/rcS.d
# sudo cp /etc/logadm.conf /etc/logadm.conf.original
# sudo vi /etc/logadm.conf
# sudo mv /etc/syslog.conf* /root/backups/
# sudo mv /etc/init.d/syslog /root/backups/init.d/
# sudo mv /etc/rc0.d/K40syslog /root/backups/rc0.d/
# sudo mv /etc/rc1.d/K40syslog /root/backups/rc1.d/
# sudo mv /etc/rc2.d/S74syslog /root/backups/rc2.d/
# sudo mv /etc/rcS.d/K40syslog /root/backups/rcS.d/
# sudo rm -f /etc/rc0.d/K40syslog
# sudo rm -f /etc/rc1.d/K40syslog
# sudo rm -f /etc/rc2.d/S74syslog
# sudo rm -f /etc/rcS.d/K40syslog

Start the syslog-ng service, and then reboot the computer.
# sudo /etc/init.d/syslog-ng start
syslog-ng service starting.
# sudo reboot


5 - Service check

Log in like normal and check to see that the syslog-ng service is running.
That's it, now you have syslog-ng running on Sun Solaris 9.
# sudo ls -1 /var/run/syslog-ng.pid
/var/run/syslog-ng.pid


Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2017.