[rsyslog] Need help with RPM(yum) version on CentOS

Fri Sep 4 07:25:47 CEST 2009

On 9/3/09, Ori Bani <oribani at gmail.com> wrote:
>>> I'm sorry if this isn't quite the right place to ask, since maybe no
>>> one here created the RPM that's in the CentOS base repository.  But I
>>> am guessing people here have installed RPMs like this before and can
>>> help anyway....
>>>
>>> When I ask yum on CentOS 5 about rsyslog, I get this (note older
>>> version - too bad):
>>>
>>> Available Packages
>>> Name   : rsyslog
>>> Arch   : i386
>>> Version: 2.0.6
>>> Release: 1.el5
>>> Size   : 198 k
>>> Repo   : base
>>> Summary: Enhanced system logging and kernel message trapping daemons
>>> Description:
>>> Rsyslog is an enhanced multi-threaded syslogd supporting, among
>>> others, MySQL, syslog/tcp, RFC 3195, permitted sender lists,
>>> filtering on any message part, and fine grain output format control.
>>> It is quite compatible to stock sysklogd and can be used as a drop-
>>> in replacement. Its advanced features make it suitable for
>>> enterprise-class, encryption protected syslog relay chains while at
>>> the same time being very easy to setup for the novice user.
>>
>> I use Scientific Linux 5.x and because they are RHEL derivatives I see
>> the
>> same thing in the SL repo's.
>>
>> I have used the rsyslog from the repo's yet, all my rsyslog servers are
>> based
>> on EL4, but I'll try to help below.
>
> Thank you for your help.
>
>>> My questions are a little bit newbie...  before I try installing
>>> this, I want to know what it's going to do to my system:
>>>
>>> 1) Will it disable syslogd and/or klogd?  Or will it add itself using
>>> the "alternatives" paradigm so I can switch between them that way?
>>>  If neither, does it include startup scripts at all?  If they are there
>>> but not used by default, is there a recommended way to make the
>>> switch and not really screw things up?
>>
>> You should try this on a test box. I haven't tried it but I think it
>> should
>> remove syslog RPM's from your installation and then install rsyslog. It
>> should
>> also make a /etc/syslog.conf.rpmsave file which you can reference for use
>> in
>> /etc/rsyslog.conf
>
> I wouldn't actually expect it to remove any other packages - I've
> never seen a yum installation remove something else - that seems like
> trouble.  In fact, it turns out that it didn't do a thing to
> syslog/ksyslogd.  It just installed itself in parallel (and it's up to
> you to turn it on).  Everything is in place (startup scripts, config
> file that is a mirror of syslog.conf, etc.) and you just have to
>
> chkconfig syslog off
> chkconfig rsyslog on
> service syslog stop
> service rsyslog start
>
> I guess if you're going to be more permanent:
>
> chkconfig --del syslog
> chkconfig --add rsyslog

I don't think that last line is needed; rsyslog is already added for
you during the install process by yum.

> And use yum to remove ksyslogd/syslog
>
>>> 2) Will it add itself to my cron jobs?  Specifically, I don't mind
>>> (for now) leaving the log rotation alone (don't let rsyslog manage my
>>> rotations).  If it adds itself to my cron jobs, does that mean it
>>> will remove the logrotate cron job?
>>
>> Not sure sorry. You should grab the src.rpm file from CentOS, install it
>> and
>> take a look at the rsyslog.spec and it'll show you what it does on the
>> post
>> install section.
>
> That's above my skill level.  Instead I tried it out.  It also adds
> itself to /etc/logrotate.d/syslog so you don't have to touch any of
> this.  Here is the modified file:
>
> /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
> /var/log/boot.log /var/log/cron {
>     sharedscripts
>     postrotate
>         /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2>
> /dev/null || true
>         /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2>
> /dev/null || true
>     endscript
> }
>
> As you see, it left syslog there and added rsyslog.  Because I have
> turned off syslog, this won't suddenly start it up, will it?
>
>>> 2.5) If I keep using the old logrotate with rsyslog, will that create
>>> any conflicts?
>>
>> I don't see how any conflicts will occur with logroate, since rsyslog
>> basically logs to the same files that syslog logs to. It's meant to be a
>> drop
>> in replacement.
>>
>> Maybe specific questions about rsyslog with CentOS (or other derivatives)
>> would actually be better in the CentOS or Scientific Linux mailing lists?
>
> I did, but it didn't help.  That's disappointing.
>
> https://www.centos.org/modules/newbb/viewtopic.php?topic_id=21844&start=0#forumpost83694
>
>>> Generally my aim is not to commit 100% to rsyslog yet, so I don't
>>> want to get to a situation where it's a lot of work to get back to
>>> the default syslog setup.
>