[rsyslog] Need help with RPM(yum) version on CentOS

Fri Sep 4 12:51:21 CEST 2009

I have nothing technically to add to this discussion, but I would like remind
you on the rsyslog wiki at 

http://wiki.rsyslog.com

There already is one entry, but for an older version, not sure if that helps:

http://wiki.rsyslog.com/index.php/Rsyslog_on_CentOS_success_story

In any case, I would appreciate if you could share any knowledge you gain via
the wiki.

Thanks,
Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Ori Bani
> Sent: Friday, September 04, 2009 7:21 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Need help with RPM(yum) version on CentOS
> 
> >> I'm sorry if this isn't quite the right place to ask, since maybe no
> >> one here created the RPM that's in the CentOS base repository.  But
> I
> >> am guessing people here have installed RPMs like this before and can
> >> help anyway....
> >>
> >> When I ask yum on CentOS 5 about rsyslog, I get this (note older
> >> version - too bad):
> >>
> >> Available Packages
> >> Name   : rsyslog
> >> Arch   : i386
> >> Version: 2.0.6
> >> Release: 1.el5
> >> Size   : 198 k
> >> Repo   : base
> >> Summary: Enhanced system logging and kernel message trapping daemons
> >> Description:
> >> Rsyslog is an enhanced multi-threaded syslogd supporting, among
> >> others, MySQL, syslog/tcp, RFC 3195, permitted sender lists,
> >> filtering on any message part, and fine grain output format control.
> >> It is quite compatible to stock sysklogd and can be used as a drop-
> >> in replacement. Its advanced features make it suitable for
> >> enterprise-class, encryption protected syslog relay chains while at
> >> the same time being very easy to setup for the novice user.
> >
> > I use Scientific Linux 5.x and because they are RHEL derivatives I
> see the
> > same thing in the SL repo's.
> >
> > I have used the rsyslog from the repo's yet, all my rsyslog servers
> are
> > based
> > on EL4, but I'll try to help below.
> 
> Thank you for your help.
> 
> >> My questions are a little bit newbie...  before I try installing
> >> this, I want to know what it's going to do to my system:
> >>
> >> 1) Will it disable syslogd and/or klogd?  Or will it add itself
> using
> >> the "alternatives" paradigm so I can switch between them that way?
> >>  If neither, does it include startup scripts at all?  If they are
> there
> >> but not used by default, is there a recommended way to make the
> >> switch and not really screw things up?
> >
> > You should try this on a test box. I haven't tried it but I think it
> should
> > remove syslog RPM's from your installation and then install rsyslog.
> It
> > should
> > also make a /etc/syslog.conf.rpmsave file which you can reference for
> use in
> > /etc/rsyslog.conf
> 
> I wouldn't actually expect it to remove any other packages - I've
> never seen a yum installation remove something else - that seems like
> trouble.  In fact, it turns out that it didn't do a thing to
> syslog/ksyslogd.  It just installed itself in parallel (and it's up to
> you to turn it on).  Everything is in place (startup scripts, config
> file that is a mirror of syslog.conf, etc.) and you just have to
> 
> chkconfig syslog off
> chkconfig rsyslog on
> service syslog stop
> service rsyslog start
> 
> I guess if you're going to be more permanent:
> 
> chkconfig --del syslog
> chkconfig --add rsyslog
> 
> And use yum to remove ksyslogd/syslog
> 
> >> 2) Will it add itself to my cron jobs?  Specifically, I don't mind
> >> (for now) leaving the log rotation alone (don't let rsyslog manage
> my
> >> rotations).  If it adds itself to my cron jobs, does that mean it
> >> will remove the logrotate cron job?
> >
> > Not sure sorry. You should grab the src.rpm file from CentOS, install
> it and
> > take a look at the rsyslog.spec and it'll show you what it does on
> the post
> > install section.
> 
> That's above my skill level.  Instead I tried it out.  It also adds
> itself to /etc/logrotate.d/syslog so you don't have to touch any of
> this.  Here is the modified file:
> 
> /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
> /var/log/boot.log /var/log/cron {
>     sharedscripts
>     postrotate
>         /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2>
> /dev/null || true
>         /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2>
> /dev/null || true
>     endscript
> }
> 
> As you see, it left syslog there and added rsyslog.  Because I have
> turned off syslog, this won't suddenly start it up, will it?
> 
> >> 2.5) If I keep using the old logrotate with rsyslog, will that
> create
> >> any conflicts?
> >
> > I don't see how any conflicts will occur with logroate, since rsyslog
> > basically logs to the same files that syslog logs to. It's meant to
> be a
> > drop
> > in replacement.
> >
> > Maybe specific questions about rsyslog with CentOS (or other
> derivatives)
> > would actually be better in the CentOS or Scientific Linux mailing
> lists?
> 
> I did, but it didn't help.  That's disappointing.
> 
> https://www.centos.org/modules/newbb/viewtopic.php?topic_id=21844&start
> =0#forumpost83694
> 
> >> Generally my aim is not to commit 100% to rsyslog yet, so I don't
> >> want to get to a situation where it's a lot of work to get back to
> >> the default syslog setup.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com