Installing syslog-ng

This chapter explains how to install syslog-ng Premium Edition on the supported platforms using the precompiled binary files.

■ The syslog-ng PE application features a unified installer package with identical look on every supported Linux and UNIX platforms. The generic installer, as well as installing platform-specific (for example, RPM) is described in the following sections.

■ For details on installing syslog-ng PE on Microsoft Windows, see Procedure 3.8, Installing syslog-ng PE on Windows platforms (p. 43).

■ For details on installing the syslog-ng Agent for Windows application, see Chapter 2, Installing the syslog-ng Agent in The syslog-ng Agent for Windows 5 F3 Administrator Guide.

■ For details on installing syslog-ng PE on IBM System i, see The syslog-ng Agent for IBM System i Administrator Guide.

■ For details on installing FIPS-compliant syslog-ng PE, see Chapter 11, FIPS-compliant syslog-ng (p. 303).

The syslog-ng PE binaries include all required libraries and dependencies of syslog-ng PE, only thencurses library is required as an external dependency (syslog-ng PE itself does not use the ncurses library, it is required only during the installation). The components are installed into the /opt/syslog-ng directory. It can automatically re-use existing configuration and license files, and also generate a simple configuration automatically into the/opt/syslog-ng/etc/syslog-ng.conffile.

Note

There are two versions of every binary release. The one with theclientsuffix does not include the libraries required to log into SQL databases. If you are installing syslog-ng PE in client or relay mode, or you do not use thesql()destination, use these binaries. That way no unnecessary components are installed to your system.

The syslog-ng PE application can be installed interactively following the on-screen instructions as described in Section 3.3, Installing syslog-ng using the .run installer (p. 29), and also without user interaction using the silent installation option — see Section 3.3.3, Installing syslog-ng PE without user-interaction (p. 37).

3.1. Prerequisites to installing syslog-ng PE

The binary installer packages of syslog-ng Premium Edition include every required dependency for most platforms, only thencurses library is required as an external dependency (syslog-ng PE itself does not use the ncurses library, it is required only during the installation). However, the following platforms require the following patches for syslog-ng PE:

HP-UX

Note

To install syslog-ng PE version 4 F1 on HP-UX (PARISC), the following patches must be installed on the host:

PHCO_24402, PHCO_38279, PHKL_31918, PHSS_30049.

The patch kits are available at http://www.hp.com/ for customers with valid support contract.

Solaris

Table 3.1. Supported platforms and generated packages

3.2. Security-enhanced Linux: grsecurity, SELinux

Security-enhanced Linux solutions such as grsecurity or SELinux can interfere with the operation of syslog-ng PE. The syslog-ng PE application supports these security enhancements as follows:

■ grsecurity: Version syslog-ng PE 5 F2 and later can be run on hosts using grsecurity, with the following limitations: using the Oracle SQL source and destination is not supported.

■ SELinux: Version syslog-ng PE 5 F2 and later properly supports SELinux on Red Hat Enterprise Linux 6.5 and newer platforms. The CentOS platforms corresponding to the supported RHEL versions are supported as well. For details, see Procedure 3.5, Using syslog-ng PE on SELinux (p. 39).

3.3. Installing syslog-ng using the .run installer

Warning

If you already had syslog-ng Open Source Edition (OSE) installed on the host, and are upgrading to syslog-ng Premium Edition, make sure that the${SYSLOGNG_OPTIONS}environmental variable does not contain a-p <path-to-pid-file>

option. If it does, remove this option from the environmental variable, because it can prevent syslog-ng PE from stopping properly. Typically, the environmental variable is set in the files /etc/default/syslog-ng or /etc/sysconfig/syslog-ng, depending on the operating system you use.

This section describes how to install the syslog-ng PE application interactively using the binary installer. The installer has a simple interface: use the TAB or the arrow keys of your keyboard to navigate between the options, and Enter to select an option.

■ To install syslog-ng PE on clients or relays, complete Procedure 3.3.1, Installing syslog-ng PE in client or relay mode (p. 30).

■ To install syslog-ng PE on your central log server, complete Procedure 3.3.2, Installing syslog-ng PE in server mode (p. 33).

■ To install syslog-ng PE without any user-interaction, complete Section 3.3.3, Installing syslog-ng PE without user-interaction (p. 37).

Note

The installer stops the running syslogd application if it is running, but its components are not removed. The /etc/init.d/sysklogdinit script is automatically renamed to/etc/init.d/sysklogd.backup. Rename this file to its original name if you want to remove syslog-ng or restart the syslogd package.

3.3.1. Procedure – Installing syslog-ng PE in client or relay mode

Purpose:

Complete the following steps to install syslog-ng Premium Edition on clients or relays. For details on the different operation modes of syslog-ng PE, see Section 2.3, Modes of operation (p. 9).

Steps:

Note

The native logrotation tools do not send a SIGHUP to syslog-ng after rotating the log files, causing syslog-ng to write into files already rotated. To solve this problem, the syslog-ng init script links the/var/run/syslog.pidfile to syslog-ng's pid. Also, on Linux, theinstall.shscript symlinks the initscript of the original syslog daemon to syslog-ng's initscript.

Step 1. Login to your MyBalaBit account and download the syslog-ng PE installer package.

Step 2. Enable the executable attribute for the installer using the chmod +x syslog-ng-<edition>-<version>-<OS>-<platform>.run, then start the installer as root using the ./syslog-ng-<edition>-<version>-<OS>-<platform>.run command. (Note that the exact name of the file depends on the operating system and platform.) Wait until the package is uncompressed and the welcome screen appears, then select Continue.

Figure 3.1. The welcome screen

Step 3. Accepting the EULA: You can install syslog-ng PE only if you understand and accept the terms of the End-User License Agreement (EULA). The full text of the EULA can be displayed during installation by selecting the Show EULA option, and is also available in this guide for convenience at Appendix B, License contract for BalaBit Product (p. 419). Select Accept to accept the EULA and continue the installation.

If you do not accept the terms of the EULA for some reason, select Reject to cancel installing syslog-ng PE.

Step 4. Detecting platform and operating system: The installer attempts to automatically detect your oprating system and platform. If the displayed information is correct, select Yes. Otherwise select Exit to abort the installation, and verify that your platform is supported. For a list of supported platforms, see Section 1.6, Supported platforms (p. 3). If your platform is supported but not detected correctly, contact your local distributor, reseller, or the BalaBit Support Team. For contact details, see Section 5, Contact and support information (p. xvii).

Figure 3.2. Platform detection

Step 5. Installation path: Enter the path to install syslog-ng PE to. This is useful if you intend to install syslog-ng PE without registering it as a service, or if it cannot be installed to the default location because of policy compliance reasons. If no path is given, syslog-ng PE is installed to the default folder.

Figure 3.3. Installation path

Note

When installing syslog-ng PE to an alternative path on AIX, HP-UX, or Solaris platforms, set the CHARSETALIASDIRenvironmental variable to thelibsubdirectory of the installation path. That way syslog-ng PE can find thecharset.aliasfile.

Step 6. Registering as syslog service: Select Register to register syslog-ng PE as the syslog service. This will stop and disable the default syslog service of the system.

Figure 3.4. Registering as syslog service