syslog-ng - Replacement for syslog ChangeLog

HOWTO


# syslog-ng 4.4.0
# ================
# This HOWTO covers the "Open Source Edition".  If you're interested in the
# "Premium Edition" go here:
# https://www.syslog-ng.com/products/log-management-software/

# GitHub release 4.4.0

# syslog-ng 1.x used libol, syslog-ng 2.x used GLib and EventLog
# syslog-ng now includes EventLog in the source (lib/eventlog)
# I no longer use ~/src/syslog-ng/ or ~/installed/syslog-ng/ because there
# is now only the syslog-ng tarball, so ~/src/ and ~/installed/ are used
# below.
#
# If you have libol or libevent installed system-wide, try 'make uninstall'
# as root from the source.  As long as it has been ./configure'd that
# should work, look for ginstall in the output of 'make -n install' if not.

# Nearly every time I look for an upgrade, or at least when I update this
# HOWTO, I find that some or all of the old URLs no longer work.  The
# site has significant changes, regularly, not necessarily including
# redirects or links.  Also, you may find that several of the links in
# README.md no longer exist and just redirect you to the main page of a
# site, not the page you requested.  If you can't find something, try
# one of these, then look around for syslog-ng OSE:
#
# www.balabit.com
# www.syslog-ng.com
# Wikipedia: syslog-ng
# www.oneidentity.com
#
# The release announcement posts in the mailing list will include URLs
# that are valid at that time.

# GitHub: syslog-ng Releases
# syslog-ng mailing list
# syslog-ng Community
# syslog-ng blog
# syslog-ng Open Source Edition 3.38 - Administration Guide
# syslog-ng Open Source Edition 3.38 - Technical Documentation
# AxoSyslog Core documentation
# syslog-ng wiki (GitHub)

# Prerequisites:
# bison
# flex
# pkg-config >= 0.9.0
# Python (optional)
# tcp wrappers (optional)
# libdbi >= 0.9.0 (optional; for database support --enable-sql)
# GLib >= 2.32
# Maxmind GeoIP
# PCRE2 libpcre2-8 >= 10.0
# OpenSSL >= 0.9.8 (optional)
# libnet (optional; used for spoof-source support)
# Criterion >= 2.2.1 (optional; unit testing)
# json-c >= 0.9
# MongoDB libmongoc-1.0 >= 1.0.0 (optional)
# libESMTP (optional)
# protobuf
# protobuf-c
# libcurl
# zlib
# Hiredis >= 0.11.0e
# librabbitmq-c (optional)
# rdkafka >= 1.1.0 (optional)
# riemann-client >= 1.6.0 (optional)
# Java (optional)
# libcap (optional)
# AMQP (optional)
# Valgrind (optional)

# Get it: work from the home directory.  Reuse a tarball saved by an earlier
# run of this HOWTO if there is one; download it only when it is missing.
cd
if test -f installed/syslog-ng-4.4.0.tar.gz; then
  mv installed/syslog-ng-4.4.0.tar.gz .
fi
if test ! -f syslog-ng-4.4.0.tar.gz; then
  wget https://github.com/syslog-ng/syslog-ng/releases/download/\
syslog-ng-4.4.0/syslog-ng-4.4.0.tar.gz
fi

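# Verify tarball w/ sha256sum:
# (this checksum is from me, not the developers, so a match only proves
# yours is the same as mine; if upstream publishes a checksum or signature
# for this release, compare against that as well)
# On a mismatch the tarball is renamed, so the extract step below cannot
# unpack an unverified file just because the commands were pasted together.
printf '%s  %s\n' \
  583b147f3ec17fbc2dbbf31aafb1e3966237d7541313de5b41ea885dc16d932e \
  syslog-ng-4.4.0.tar.gz | sha256sum -c ||
mv -f syslog-ng-4.4.0.tar.gz syslog-ng-4.4.0.tar.gz.FAILED-SHA256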

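# Extract the source
# Only the top level of ~/src is searched for old trees, so a directory that
# merely happens to be called syslog-ng-* deeper inside some other project is
# left alone, and find does not try to descend into trees it just removed.
mkdir -p -m 0700 ~/src
find ~/src -mindepth 1 -maxdepth 1 -type d -name "syslog-ng-*" \
  -exec rm -r -- {} +
# Each step runs only if the previous one worked: without that, a failed
# 'cd' would leave the recursive chown pointed at the wrong directory.
# The chown only happens when this is being done as root.
cd ~/src &&
tar xzvf ~/syslog-ng-4.4.0.tar.gz &&
cd syslog-ng-4.4.0 &&
test "$(id -u)" = 0 && chown -R root:root .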

# Read ./README.md and if upgrading, read ./NEWS.md

# --enable-dynamic-linking is for when you don't have the GLib static
# library (.a) but only have the shared (.so) one.  If you have both
# and leave that option off, syslog-ng will use the static library for
# GLib and EventLog.  That means that if GLib is upgraded, you would have
# to re-compile and re-install syslog-ng to use the new GLib with it,
# rather than just restarting it.

# If you do need IPv6 support, you'll want to leave off --disable-ipv6 below

# I tried --enable-tcp-wrapper with 3.3.4 and 3.3.11, but it failed with
# undefined symbol: sock_host
# I didn't particularly care at the time and just stopped there.
# Either I didn't bother to try again until 3.19.1, or never noted any
# releases in between, but it did compile successfully with 3.19.1

# To build-in support for SQL destinations, pass --enable-sql
# That will use libdbi to then use MySQL/MariaDB, PostgreSQL, SQLite

# If you're building-in OpenSSL support and your OpenSSL is installed in the
# usual < 1.1.0 source-installed place, put this before the configure line
# (or lib64 if 64-bit).
# This is a prefix, not a command of its own: the trailing backslash joins
# it to whatever line follows.  An assignment prefix applies only to the
# single command it precedes, so it has to sit immediately in front of the
# ./configure word itself (or export both variables first).
# NOTE(review): OpenSSL branches older than 1.1.0 no longer receive upstream
# security fixes -- confirm the library in /usr/local/ssl is one you still
# intend to link a log daemon against.
LDFLAGS=-L/usr/local/ssl/lib CPPFLAGS=-I/usr/local/ssl/include \

# Configure the build.  x86_64 puts the libraries and modules under
# /usr/local/lib64; anything else leaves libdir and the module directory at
# whatever configure picks by itself.
if [ "$(uname -m)" = 'x86_64' ]; then
  ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
    --enable-dynamic-linking --with-module-dir=/usr/local/lib64/syslog-ng \
    --enable-tcp-wrapper --enable-sql --with-python=3.7 --disable-ipv6
else
  ./configure --mandir=/usr/local/man --enable-dynamic-linking \
    --enable-tcp-wrapper --enable-sql --with-python=3.7 --disable-ipv6
fi

# Build it (as your normal user; nothing in the build step needs root)
make

# Become root to install and configure it.
# This is plain 'su', not 'su -': the 'make install' step further down has no
# 'cd' in front of it, so it expects the root shell to still be in this
# source directory.  NOTE(review): plain su normally keeps the current
# directory -- confirm with 'pwd' once you are root.
su

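# If you have klogd and syslogd installed from the Slackware 'sysklogd'
# package and want to get rid of them:
# Stop them through the init script, then by pid file, then by name; the
# SIGKILL pass is only the last resort for anything that ignored the rest.
test -x /etc/rc.d/rc.syslog && /etc/rc.d/rc.syslog stop
sleep 2
test -f /var/run/klogd.pid && kill "$(cat /var/run/klogd.pid)"
test -f /var/run/syslogd.pid && kill "$(cat /var/run/syslogd.pid)"
sleep 2
killall klogd syslogd > /dev/null 2>&1
sleep 2
killall -9 klogd syslogd > /dev/null 2>&1
# Keep the old configuration.  ~/backup is created (mode 0700) if it is
# missing, so the move cannot fail just because the directory is not there.
test -f /etc/syslog.conf &&
mkdir -p -m 0700 ~/backup &&
mv -f /etc/syslog.conf ~/backup/syslog.conf-"$(date +%Y%m%d)"
test -x /sbin/removepkg && /sbin/removepkg sysklogd
rm -f /etc/rc.d/rc.syslog
# You may also want to zap logs in /var/log that you won't be using with
# syslog-ng (if there are any)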

# If you have a config file from an old version in /etc/syslog-ng or
# /usr/local/etc/syslog-ng, move it to /usr/local/etc.  A config that is
# already in /usr/local/etc is never overwritten, and /etc/syslog-ng is
# tried before /usr/local/etc/syslog-ng.
( for old_conf in /etc/syslog-ng/syslog-ng.conf \
                  /usr/local/etc/syslog-ng/syslog-ng.conf; do
    if [ ! -f /usr/local/etc/syslog-ng.conf ] && [ -f "$old_conf" ]; then
      mv -f "$old_conf" /usr/local/etc/
    fi
  done )
# rmdir refuses to remove a directory that still has files in it, so anything
# else left in the old locations stays where it is.
if [ -d /etc/syslog-ng ]; then rmdir /etc/syslog-ng; fi
if [ -d /usr/local/etc/syslog-ng ]; then rmdir /usr/local/etc/syslog-ng; fi

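# Backup your existing configuration, if you have one.
# ~/backup is created with mode 0700 if it does not exist yet, so the copy
# cannot fail on a missing directory and a newly made backup directory is
# not readable by other users (the config may name remote hosts or, with SQL
# destinations, database credentials).
test -f /usr/local/etc/syslog-ng.conf &&
mkdir -p -m 0700 ~/backup &&
cp -a /usr/local/etc/syslog-ng.conf ~/backup/syslog-ng.conf-"$(date +%Y%m%d)"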

# Remove old shared library files and symlinks to avoid issues (regular
# files and symlinks are handled in a single pass)
find /usr/local/lib*/ \( -type f -o -type l \) -name "libsyslog-ng*" \
  -exec rm {} \;

# Install it, then let ldconfig pick up the newly installed libraries
make install
ldconfig

# Look in here for old files from previous versions, look for a date that
# is not today:
# /usr/local/lib64/syslog-ng/
# /usr/local/include/syslog-ng/

# Unless one is already there, a sample syslog-ng.conf and scl.conf will
# be installed to /usr/local/etc/.  That handles plugins by including files
# in /usr/local/share/syslog-ng/include/scl/
#
# You may also want to check out contrib/syslog-ng.conf.RedHat
#
# Fix permissions on the configuration file, if there is one (nobody but
# root needs to read it): owner and group root, mode 640.
if [ -f /usr/local/etc/syslog-ng.conf ]; then
  chown root:root /usr/local/etc/syslog-ng.conf
  chmod 640 /usr/local/etc/syslog-ng.conf
fi

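# If you use Slackware >= 8.1 (or if you want to set an rc script to run it)
# you can grab this /etc/rc.d/rc.syslog replacement that'll handle
# syslog-ng.  If you don't use klogd, open up the script and set USE_KLOG
# to 0.  If you use Slackware < 8.1, add something to rc.local to run
# '/etc/rc.d/rc.syslog start'.
#
# The script arrives over plain HTTP with no checksum to compare against,
# and it is run as root, so read /etc/rc.d/rc.syslog after this step and
# before the start step further down.
# It is fetched under a temporary name first, so a failed download does not
# cost you the rc.syslog you already had.  Everything runs in a subshell so
# that the root shell's current directory is unchanged for later steps.
( cd /etc/rc.d || exit 1
  if wget -O rc.syslog.new http://englanders.us/pub/linux/misc/rc.syslog; then
    if test -f rc.syslog; then
      mv -f rc.syslog rc.syslog.old
      chmod 600 rc.syslog.old
    fi
    mv -f rc.syslog.new rc.syslog
    chmod 755 rc.syslog
  else
    rm -f rc.syslog.new
  fi )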

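# Set up logrotate to rotate the common log files.
# A logrotate configuration can name commands that logrotate then runs, and
# this one arrives over plain HTTP with no checksum, so read
# /etc/logrotate.d/syslog before the next logrotate run.
# The download goes to a temporary file outside /etc/logrotate.d, so a failed
# or partial download never replaces the working configuration.
# NOTE(review): syslog.old stays inside /etc/logrotate.d; confirm your
# logrotate skips *.old files there, otherwise move it somewhere else.
test -d /etc/logrotate.d &&
( cd /etc/logrotate.d || exit 1
  tmp=$(mktemp /etc/logrotate-syslog.XXXXXX) || exit 1
  if wget -O "$tmp" http://englanders.us/pub/linux/misc/logrotate-syslog-ng
  then
    test -f syslog && mv -f syslog syslog.old
    mv -f "$tmp" syslog
    # mktemp creates the file 0600; give it the usual config-file mode
    chmod 644 syslog
  else
    rm -f "$tmp"
  fi )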

# If you've configured it and have the init-script in place, fire it up
# (nothing happens unless /etc/rc.d/rc.syslog exists and is executable)
if [ -x /etc/rc.d/rc.syslog ]; then
  /etc/rc.d/rc.syslog start
fi

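# Make sure your non-root user can remove the source later.
# The source tree is named explicitly instead of as '.': a recursive chown
# of whatever directory the root shell happens to be in could hand system
# files (for example /etc/rc.d, which an earlier step works in) to the
# non-root user.
( src_owner=$(logname) || exit 1
  src_home=$(getent passwd "$src_owner" | cut -d: -f6)
  src_dir=$src_home/src/syslog-ng-4.4.0
  # Refuse to touch anything that does not look like the unpacked source.
  test -n "$src_home" && test -f "$src_dir/configure" || exit 1
  chown -R "$src_owner" "$src_dir"
  chmod -R u+w "$src_dir" )

# Become yourself again
exit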

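# Save the tarball for later.
# Older saved tarballs are only cleared out when there really is a new one to
# put in their place; otherwise a missing tarball would cost you the saved
# copy as well.
cd
if test -f syslog-ng-4.4.0.tar.gz; then
  mkdir -p -m 0700 installed
  rm -f installed/syslog-ng*.tar.*
  mv syslog-ng-4.4.0.tar.gz installed/
fi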

# If you're setting up a central logging server, check out the stunnel howto
# for an encrypted log connection with remote machines, or read through
# the following section in the documentation:
# Mutual authentication using TLS


Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2023-09-25 10:40pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.