[rsyslog] Need help with RPM(yum) version on CentOS

Ori Bani oribani at gmail.com
Fri Sep 4 07:21:08 CEST 2009


>> I'm sorry if this isn't quite the right place to ask, since maybe no
>> one here created the RPM that's in the CentOS base repository.  But I
>> am guessing people here have installed RPMs like this before and can
>> help anyway....
>>
>> When I ask yum on CentOS 5 about rsyslog, I get this (note older
>> version - too bad):
>>
>> Available Packages
>> Name   : rsyslog
>> Arch   : i386
>> Version: 2.0.6
>> Release: 1.el5
>> Size   : 198 k
>> Repo   : base
>> Summary: Enhanced system logging and kernel message trapping daemons
>> Description:
>> Rsyslog is an enhanced multi-threaded syslogd supporting, among
>> others, MySQL, syslog/tcp, RFC 3195, permitted sender lists,
>> filtering on any message part, and fine grain output format control.
>> It is quite compatible to stock sysklogd and can be used as a drop-
>> in replacement. Its advanced features make it suitable for
>> enterprise-class, encryption protected syslog relay chains while at
>> the same time being very easy to setup for the novice user.
>
> I use Scientific Linux 5.x and because they are RHEL derivatives I see the
> same thing in the SL repo's.
>
> I have used the rsyslog from the repo's yet, all my rsyslog servers are
> based on EL4, but I'll try to help below.

Thank you for your help.

>> My questions are a little bit newbie...  before I try installing
>> this, I want to know what it's going to do to my system:
>>
>> 1) Will it disable syslogd and/or klogd?  Or will it add itself using
>> the "alternatives" paradigm so I can switch between them that way?
>>  If neither, does it include startup scripts at all?  If they are there
>> but not used by default, is there a recommended way to make the
>> switch and not really screw things up?
>
> You should try this on a test box. I haven't tried it but I think it should
> remove syslog RPM's from your installation and then install rsyslog. It
> should also make a /etc/syslog.conf.rpmsave file which you can reference
> for use in /etc/rsyslog.conf

I wouldn't actually expect it to remove any other packages - I've
never seen a yum installation remove something else - that seems like
trouble.  In fact, it turns out that it didn't do a thing to
syslog/ksyslogd.  It just installed itself in parallel (and it's up to
you to turn it on).  Everything is in place (startup scripts, config
file that is a mirror of syslog.conf, etc.) and you just have to

chkconfig syslog off
chkconfig rsyslog on
service syslog stop
service rsyslog start

I guess if you're going to be more permanent:

chkconfig --del syslog
chkconfig --add rsyslog

And use yum to remove ksyslogd/syslog

>> 2) Will it add itself to my cron jobs?  Specifically, I don't mind
>> (for now) leaving the log rotation alone (don't let rsyslog manage my
>> rotations).  If it adds itself to my cron jobs, does that mean it
>> will remove the logrotate cron job?
>
> Not sure sorry. You should grab the src.rpm file from CentOS, install it and
> take a look at the rsyslog.spec and it'll show you what it does on the post
> install section.

That's above my skill level.  Instead I tried it out.  It also adds
itself to /etc/logrotate.d/syslog so you don't have to touch any of
this.  Here is the modified file:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
/var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

As you see, it left syslog there and added rsyslog.  Because I have
turned off syslog, this won't suddenly start it up, will it?

>> 2.5) If I keep using the old logrotate with rsyslog, will that create
>> any conflicts?
>
> I don't see how any conflicts will occur with logrotate, since rsyslog
> basically logs to the same files that syslog logs to. It's meant to be a
> drop in replacement.
>
> Maybe specific questions about rsyslog with CentOS (or other derivatives)
> would actually be better in the CentOS or Scientific Linux mailing lists?

I did, but it didn't help.  That's disappointing.

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=21844&start=0#forumpost83694

>> Generally my aim is not to commit 100% to rsyslog yet, so I don't
>> want to get to a situation where it's a lot of work to get back to
>> the default syslog setup.
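
The postrotate lines shown in the message only send HUP to a pid read from a pid file; when the pid file is absent, `cat` prints nothing, `kill` fails and `|| true` discards the error, so no daemon is started. As an added example (not part of the original post or of the CentOS package), this script lists the pid files a logrotate postrotate block reads and reports whether each is missing, stale or live. The function names and the temp-dir sample are assumptions.

```shell
#!/bin/sh
# Added example: audit which daemons a logrotate postrotate block would HUP.

# Print every pid file read with `cat <file>` inside postrotate ... endscript.
postrotate_pidfiles() {
    awk '
        $1 == "postrotate" { inblock = 1; next }
        $1 == "endscript"  { inblock = 0; next }
        inblock {
            for (i = 1; i < NF; i++)
                if ($i ~ /cat$/) { f = $(i + 1); gsub(/[`)]/, "", f); print f }
        }' "$1"
}

# Classify a pid file: missing, stale (no such process) or live.
# kill -0 sends no signal; run as root so other users' daemons are visible.
pidfile_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    pid=$(cat "$1")
    case "$pid" in ''|*[!0-9]*) echo stale; return 0 ;; esac
    if kill -0 "$pid" 2>/dev/null; then echo live; else echo stale; fi
}

# One line per pid file: "<path> <state>".
audit_rotation() {
    for f in $(postrotate_pidfiles "$1"); do
        echo "$f $(pidfile_state "$f")"
    done
}

# Constructed sample: same postrotate shape as the file in the post, with
# pid files under a temp dir; only "rsyslogd" (this shell's pid) is running.
demo() {
    d=$(mktemp -d) || return 1
    echo "$$" > "$d/rsyslogd.pid"
    cat > "$d/syslog" <<EOF
/var/log/messages /var/log/secure {
    sharedscripts
    postrotate
        /bin/kill -HUP \`cat $d/syslogd.pid 2> /dev/null\` 2> /dev/null || true
        /bin/kill -HUP \`cat $d/rsyslogd.pid 2> /dev/null\` 2> /dev/null || true
    endscript
}
EOF
    audit_rotation "$d/syslog" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

On a real host, `audit_rotation /etc/logrotate.d/syslog` should show exactly one live entry, the daemon that is actually writing the log files; a stale or missing entry for that daemon means it will not reopen its files after rotation.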
