Packetwatch.net

Syslog-ng in MythDora



Last modified: Jan. 26, 2010

Contents
1 - Summary
2 - Syslog-ng installation
3 - Service configuration
4 - Service check


1 - Summary

This guide will show how to install syslog-ng in MythDora. Syslog-ng is a
system logging application. This has been tested in MythDora 10.21.


2 - Syslog-ng installation

Install the syslog-ng package.
# sudo yum -y install syslog-ng
[sudo] password for user: 


3 - Service configuration

Check to make sure that the rsyslog service is running and the syslog-ng
service is not running.
# sudo chkconfig --list | grep -i syslog
[sudo] password for user: 
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog-ng       0:off   1:off   2:off   3:off   4:off   5:off   6:off
# sudo service rsyslog status
[sudo] password for user: 
rsyslogd (pid 1963) is running...
# sudo service syslog-ng status
[sudo] password for user: 
syslog-ng is stopped

Find where the syslog-ng daemon was installed to.
# rpm -ql syslog-ng-* | grep sbin
/sbin/syslog-ng

Edit the sysconfig script to have the following.
  SYSLOGNG_OPTIONS="-p /var/run/syslog-ng.pid"
# sudo vi /etc/sysconfig/syslog-ng 
[sudo] password for user: 

Enable the syslog-ng service so that it will start when the system starts and
disable rsyslog so it won't start when the system starts up.
# sudo chkconfig --list | grep -i syslog
[sudo] password for user: 
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog-ng       0:off   1:off   2:off   3:off   4:off   5:off   6:off
# sudo chkconfig rsyslog off
[sudo] password for user: 
# sudo chkconfig syslog-ng on
[sudo] password for user: 
# sudo chkconfig --list | grep syslog
[sudo] password for user: 
rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog-ng       0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# grep syslog-ng.conf /etc/rc.d/init.d/syslog-ng 
# config:      /etc/syslog-ng/syslog-ng.conf
    echo -n $"Reloading syslog-ng.conf file: "
# strings /sbin/syslog-ng | grep syslog-ng.conf
  -f <fname>, --cfgfile=<fname>    Set config file name, default=/etc/syslog-ng/syslog-ng.conf
/etc/syslog-ng/syslog-ng.conf

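You can now create your own syslog-ng.conf configuration file. Keep a copy of
the packaged file first, and check the syntax of your edited file with the -s
option before starting the service. You can use the following for your source.
  source local { internal(); file("/proc/kmsg" log_prefix("kernel: ")); unix-stream("/dev/log"); };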
# rpm -ql syslog-ng-* | grep syslog-ng.conf
/etc/syslog-ng/syslog-ng.conf
/usr/share/doc/syslog-ng-*/syslog-ng.conf.doc
/usr/share/doc/syslog-ng-*/syslog-ng.conf.sample
/usr/share/man/man5/syslog-ng.conf.5.gz
# sudo cp /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.example
[sudo] password for user: 
# sudo vi /etc/syslog-ng/syslog-ng.conf
[sudo] password for user: 
# sudo /sbin/syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf
[sudo] password for user: 

Stop the rsyslog service and start the syslog-ng service.
# sudo /sbin/service rsyslog stop
[sudo] password for user: 
Shutting down system logger: [  OK  ]
# sudo /sbin/service syslog-ng start
[sudo] password for user: 
Starting syslog-ng: [  OK  ]
# sudo cat /var/run/syslog-ng.pid 
[sudo] password for user: 
17241


4 - Service check

Reboot your computer. Log in as usual and check that the rsyslog service isn't
running and the syslog-ng service is running. That's it, now you have syslog-ng
running in MythDora.
# sudo shutdown -r now
[sudo] password for user: 
# sudo service rsyslog status
[sudo] password for user: 
rsyslogd is stopped
# sudo service syslog-ng status
[sudo] password for user: 
syslog-ng (pid  1953) is running...
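
The runlevel check from sections 3 and 4 can be scripted so that a half-finished
switch is caught before a reboot. This is an added example, not part of the
original guide: the function name check_syslog_switch and its verdict words are
assumptions, and the sample listings are the chkconfig outputs shown in section 3
plus one constructed case.

```shell
#!/bin/sh
# Added example (not from the original guide). check_syslog_switch is a
# hypothetical helper: it reads `chkconfig --list` output on stdin and prints
#   ok          syslog-ng on and rsyslog off in runlevels 2-5
#   unswitched  rsyslog is still the enabled daemon in some runlevel
#   gap         some runlevel 2-5 has neither daemon enabled (no local logging)
#   conflict    some runlevel 2-5 has both enabled (both compete for /dev/log)
check_syslog_switch() {
    awk '
        $1 == "rsyslog" || $1 == "syslog-ng" {
            # Fields look like "3:on"; store state per service and runlevel.
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                state[$1, kv[1]] = kv[2]
            }
        }
        END {
            for (rl = 2; rl <= 5; rl++) {
                r = (state["rsyslog", rl] == "on")
                n = (state["syslog-ng", rl] == "on")
                if (r && n)        conflict = 1
                else if (!r && !n) gap = 1
                else if (r)        unswitched = 1
            }
            # Print a single verdict, problems first.
            if (conflict)        print "conflict"
            else if (gap)        print "gap"
            else if (unswitched) print "unswitched"
            else                 print "ok"
        }'
}

# Sample input: the two listings shown in section 3 of this guide.
BEFORE='rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog-ng       0:off   1:off   2:off   3:off   4:off   5:off   6:off'
AFTER='rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog-ng       0:off   1:off   2:on    3:on    4:on    5:on    6:off'
# Constructed input: rsyslog disabled but syslog-ng never enabled.
HALF_DONE='rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog-ng       0:off   1:off   2:off   3:off   4:off   5:off   6:off'

printf '%s\n' "$BEFORE"    | check_syslog_switch   # unswitched
printf '%s\n' "$AFTER"     | check_syslog_switch   # ok
printf '%s\n' "$HALF_DONE" | check_syslog_switch   # gap

# On a live system: sudo chkconfig --list | check_syslog_switch
```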


Packetwatch Research 2002-2017.