Logging with syslog-ng
Chapter 3. Installing syslog-ng
3.1. Installing syslog-ng using the .run installer
This section describes how to install the syslog-ng application interactively using the binary installer. The installer has a simple interface: use the TAB or the arrow keys of your keyboard to navigate between the options, and Enter to select an option.
The syslog-ng binaries include all required libraries and dependencies of syslog-ng. The components are installed into the/opt/syslog-ngdirectory. It can automatically re-use existing configuration files, and also generate a simple configuration automatically into the/opt/syslog-ng/etc/syslog-ng.conffile.
Note
There are two versions of every binary release. The one with theclientsuffix does not include the libraries required to log into SQL databases. If you are installing syslog-ng in client or relay mode, or you do not use thesql()destination, use these binaries. That way no unnecessary components are installed to your system.
The syslog-ng application can be installed interactively following the on-screen instructions as described in Section 3.1, Installing syslog-ng using the .run installer (p. 18), and also without user interaction using the silent installation option
— see Section 3.1.3, Installing syslog-ng without user-interaction (p. 23).
■ To install syslog-ng on clients or relays, complete Procedure 3.1.1, Installing syslog-ng in client or relay mode (p. 19).
■ To install syslog-ng on your central logserver, complete Procedure 3.1.2, Installing syslog-ng in server mode (p. 21).
■ To install syslog-ng without any user-interaction, complete Section 3.1.3, Installing syslog-ng without user-in-teraction (p. 23).
Note
The installer stops the running syslogd application if it is running, but its components are not removed. The /etc/init.d/sysklogdinit script is automatically renamed to/etc/init.d/sysklogd.backup. Rename this file to its original name if you want to remove syslog-ng or restart the syslogd package.
Installing syslog-ng using the .run installer
3.1.1. Procedure – Installing syslog-ng in client or relay mode
Purpose:Complete the following steps to install syslog-ng Open Source Edition on clients or relays. For details on the dif-ferent operation modes of syslog-ng, see Section 2.3, Modes of operation (p. 6).
Steps:
Note
The native logrotation tools do not send a SIGHUP to syslog-ng after rotating the log files, causing syslog-ng to write into files already rotated. To solve this problem, the syslog-ng init script links the/var/run/syslog.pidfile to syslog-ng's pid. Also, on Linux, theinstall.shscript symlinks the initscript of the original syslog daemon to syslog-ng's initscript.
Step 1. Enable the executable attribute for the installer using the chmod +x
syslog-ng-<edition>-<version>-<OS>-<platform>.run, then start the installer as root using the./syslog-ng-<edition>-<version>-<OS>-<platform>.runcommand. (Note that the exact name of the file depends on the operating system and platform.) Wait until the package is uncompressed and the welcome screen appears, then select Continue.
Figure 3.1. The welcome screen Step 2. Accepting the EULA: You can install syslog-ng only if you understand and accept the terms of the End-User License Agreement (EULA). The full text of the EULA can be displayed during installation by selecting the Show EULA option, and is also available in this guide for convenience at Appendix 3, GNU General Public License (p. 231). Select Accept to accept the EULA and continue the installation.
If you do not accept the terms of the EULA for some reason, select Reject to cancel installing syslog-ng.
Step 3. Detecting platform and operating system: The installer attempts to automatically detect your oprating system and platform. If the displayed information is correct, select Yes. Otherwise select Exit to abort the installation, and verify that your platform is supported. For a list of supported platforms, see Section 1.6, Supported plat-forms (p. 3). If your platform is supported but not detected correctly, contact your local distributor, reseller, or the BalaBit Support Team. For contact details, see Section 5, Contact and support information (p. xiii).
Installing syslog-ng using the .run installer
Figure 3.2. Platform detection Step 4. Upgrading: The syslog-ng installer can automatically detect if you have previously installed a version of syslog-ng on your system. To use the configuration file of this previous installation, select Yes. To ignore the old configuration file and create a new one, select No.
Note that if you decide to use your existing configuration file, the installer automatically checks it for syntax error and displays a list of warnings and errors if it finds any problems.
Figure 3.3. Upgrading syslog-ng
Step 5. Generating a new configuration file: The installer displays some questions to generate a new configuration file.
Step a. Remote sources: Select Yes to accept log messages from the network. TCP, UDP, and SYS-LOG messages on every interface will be automatically accepted.
Figure 3.4. Accepting remote messages Step b. Remote destinations: Enter the IP address or hostname of your logserver or relay and select
OK.
Installing syslog-ng using the .run installer
Figure 3.5. Forwarding messages to the logserver
Note
Accepting remote messages and forwarding them to a logserver means that syslog-ng will start in relay mode.
Step 6. After the installation is finished, add the/opt/syslog-ng/binand/opt/syslog-ng/sbindirectories to your search PATH environment variable. That way you can use syslog-ng and its related tools without having to specify the full pathname. Add the following line to your shell profile:
PATH=/opt/syslog-ng/bin:$PATH
3.1.2. Procedure – Installing syslog-ng in server mode
Purpose:Complete the following steps to install syslog-ng on logservers. For details on the different operation modes of syslog-ng, see Section 2.3, Modes of operation (p. 6).
Steps:
Step 1. Enable the executable attribute for the installer using the chmod +x
syslog-ng-<edition>-<version>-<OS>-<platform>.run, then start the installer as root using the./syslog-ng-<edition>-<version>-<OS>-<platform>.runcommand. (Note that the exact name of the file depends on the operating system and platform.) Wait until the package is uncompressed and the welcome screen appears, then select Continue.
Figure 3.6. The welcome screen Step 2. Accepting the EULA: You can install syslog-ng only if you understand and accept the terms of the End-User License Agreement (EULA). The full text of the EULA can be displayed during installation by selecting
Installing syslog-ng using the .run installer
the Show EULA option, and is also available in this guide for convenience at Appendix 3, GNU General Public License (p. 231). Select Accept to accept the EULA and continue the installation.
If you do not accept the terms of the EULA for some reason, select Reject to cancel installing syslog-ng.
Step 3. Detecting platform and operating system: The installer attempts to automatically detect your oprating system and platform. If the displayed information is correct, select Yes. Otherwise select Exit to abort the installation, and verify that your platform is supported. For a list of supported platforms, see Section 1.6, Supported plat-forms (p. 3). If your platform is supported but not detected correctly, contact your local distributor, reseller, or the BalaBit Support Team. For contact details, see Section 5, Contact and support information (p. xiii).
Figure 3.7. Platform detection Step 4. Upgrading: The syslog-ng installer can automatically detect if you have previously installed a version of syslog-ng on your system. To use the configuration file of this previous installation, select Yes. To ignore the old configuration file and create a new one, select No.
Note that if you decide to use your existing configuration file, the installer automatically checks it for syntax error and displays a list of warnings and errors if it finds any problems.
Figure 3.8. Upgrading syslog-ng
Step 5. Generating a new configuration file: The installer displays some questions to generate a new configuration file.
Step a. Remote sources: Select Yes to accept log messages from the network. TCP, UDP, and SYS-LOG messages on every interface will be automatically accepted.
Installing syslog-ng using the .run installer
Figure 3.9. Accepting remote messages Step b. Remote destinations: Enter the IP address or hostname of your logserver or relay and select
OK.
Figure 3.10. Forwarding messages to the logserver
Note
Accepting remote messages and forwarding them to a logserver means that syslog-ng will start in relay mode.
Step 6. After the installation is finished, add the/opt/syslog-ng/binand/opt/syslog-ng/sbindirectories to your search PATH environment variable. That way you can use syslog-ng and its related tools without having to specify the full pathname. Add the following line to your shell profile:
PATH=/opt/syslog-ng/bin:$PATH
Note
The native logrotation tools do not send a SIGHUP to syslog-ng after rotating the log files, causing syslog-ng to write into files already rotated. To solve this problem, the syslog-ng init script links the/var/run/syslog.pidfile to syslog-ng's pid. Also, on Linux, theinstall.shscript symlinks the initscript of the original syslog daemon to syslog-ng's initscript.
3.1.3. Installing syslog-ng without user-interaction
The syslog-ng application can be installed in silent mode without any user-interaction by specifying the required parameters from the command line. Answers to every question of the installer can be set in advance using command-line parameters.
./syslog-ng-<version>.run -- [options]
Installing syslog-ng without user-interaction
Warning
The -- characters between the executable and the parameters are mandatory, like in the following example:
./syslog-ng-3.0.1b-solaris-10-sparc-client.run -- --accept-eula
To display the list of parameters, execute the./syslog-ng-<version>.run -- --hcommand. Currently the following options are available:
■ --accept-eula or -a: Accept the EULA.
■ --upgrade | -u: Perform automatic upgrade — use the configuration file from an existing installation.
■ --remote <destination host>: Send logs to the specified remote server. Not available when performing an upgrade.
■ --network: Accept messages from the network. Not available when performing an upgrade.
■ --configuration <file>: Use the specified configuration file.