Last modified: Feb. 14, 2009
Contents
1 - Summary
2 - Dependencies
3 - Syslog-ng installation
4 - Service configuration
5 - Service check
1 - Summary
This guide shows how to install syslog-ng on Red Hat Enterprise Linux.
Syslog-ng is a system logging application. The procedure has been tested on
Red Hat Enterprise Linux 4 and 5.
2 - Dependencies
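Syslog-ng depends on libevtlog, which can be downloaded from
http://www.balabit.com/. Download and install the Red Hat package. In the
commands below, $rel and $arch stand for your RHEL release and architecture,
and * for the package version; wget does not expand wildcards in HTTP URLs,
so substitute the actual values.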
# cd ~
# wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/dists/rhel-$rel/syslog-ng-*/$arch/RPMS.syslog-ng/libevtlog0-*.$arch.rpm
# sudo rpm -ivh libevtlog0-*.$arch.rpm
3 - Syslog-ng installation
Syslog-ng can be downloaded from http://www.balabit.com/. Download and install
the Red Hat package.
# cd ~
# wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/dists/rhel-$rel/syslog-ng-*/$arch/RPMS.syslog-ng/syslog-ng-*.$arch.rpm
# sudo rpm -ivh syslog-ng-*.$arch.rpm
4 - Service configuration
Stop the syslog-ng service and start the syslog service.
# sudo /sbin/service syslog-ng stop
Shutting down syslog-ng: [ OK ]
# sudo /sbin/service syslog start
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
Find where the syslog-ng daemon was installed.
# rpm -ql syslog-ng | grep sbin
/sbin/syslog-ng
Enable the syslog-ng service so that it starts at boot, and disable syslog
so that it does not.
# sudo /sbin/chkconfig --list | grep syslog
syslog-ng 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# sudo /sbin/chkconfig syslog off
# sudo /sbin/chkconfig syslog-ng on
# sudo /sbin/chkconfig --list | grep syslog
syslog-ng 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Find where syslog-ng expects its configuration file.
# grep syslog-ng.conf /etc/rc.d/init.d/syslog-ng
# strings /sbin/syslog-ng | grep syslog-ng.conf
-f , --cfgfile= Set config file name, default=/etc/syslog-ng/syslog-ng.conf
/etc/syslog-ng/syslog-ng.conf
You can now create your own syslog-ng.conf file. You can use the following as
your source.
source local { internal(); file("/proc/kmsg" log_prefix("kernel: ")); unix-stream("/dev/log"); };
# rpm -ql syslog-ng | grep syslog-ng.conf
/etc/syslog-ng/syslog-ng.conf
/usr/share/man/man5/syslog-ng.conf.5.gz
# sudo cp /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.example
# sudo vi /etc/syslog-ng/syslog-ng.conf
# sudo /sbin/syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf
You will need to configure SELinux appropriately. SELinux status can be found
by running sestatus.
# sudo /usr/sbin/sestatus | grep status:
SELinux status: enabled
Stop the syslog service and start the syslog-ng service.
# sudo /sbin/service syslog stop
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
# sudo /sbin/service syslog-ng start
Starting syslog-ng: [ OK ]
# sudo cat /var/run/syslog-ng.pid
3905
5 - Service check
Reboot your computer. Log in as usual and check that the syslog service is
not running and the syslog-ng service is running. That's it, now you have
syslog-ng running in Red Hat Enterprise Linux.
# sudo /sbin/shutdown -r now
# sudo /sbin/service syslog status
syslogd is stopped
klogd is stopped
# sudo /sbin/service syslog-ng status
syslog-ng (pid 1878) is running...
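The boot-time state set up in section 4 can also be checked mechanically. The
following is an added example, not part of the original guide: a shell function
(the name check_logger_runlevels is made up here) that reads chkconfig --list
output and fails unless syslog is off in every runlevel and syslog-ng is on in
runlevels 2 through 5. The sample inputs are embedded; the second is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Reads `chkconfig --list` output on stdin. Succeeds only if syslog is off in
# every runlevel and syslog-ng is on in runlevels 2-5, so that only syslog-ng
# starts at boot.
check_logger_runlevels() {
    awk '
        $1 == "syslog" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /:on$/) { print "syslog still enabled at " $i; bad = 1 }
        }
        $1 == "syslog-ng" {
            seen_ng = 1
            for (i = 2; i <= NF; i++) {
                split($i, rl, ":")
                if (rl[1] >= 2 && rl[1] <= 5 && rl[2] != "on") {
                    print "syslog-ng not enabled at runlevel " rl[1]; bad = 1
                }
            }
        }
        END {
            if (!seen_ng) { print "syslog-ng not registered with chkconfig"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# State shown in this guide after the chkconfig changes.
GOOD_STATE='syslog-ng 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off'

# Constructed sample: the old logger was never disabled.
BAD_STATE='syslog-ng 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off'

printf '%s\n' "$GOOD_STATE" | check_logger_runlevels && echo "good sample: OK"
printf '%s\n' "$BAD_STATE" | check_logger_runlevels || echo "bad sample: rejected"

# On a live system: /sbin/chkconfig --list | check_logger_runlevels
```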