
Replacing rsyslog with syslog-ng on RHEL 6.5

So...I had a piece of monitoring software that didn't play nice with the RHEL default rsyslog for log collection. The software was developed to work only with syslog-ng. I'll be going over the steps that I took, and that worked for me, in replacing rsyslog with syslog-ng. I would imagine that these same steps should work for any Linux system similar to RHEL (Fedora, CentOS, etc.). For others (like Debian-based distributions), I would need to look into that (coming in a future update to this post).

First, remove rsyslog. You will need to keep the dependencies as they will be needed for syslog-ng:
sudo rpm -e --nodeps rsyslog
Next we will need to add the EPEL repository (the package name in the download is the one you install, so keep the .noarch.rpm suffix):
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo rpm -ivh epel-release-6-8.noarch.rpm
sudo yum repolist
That last command lists all the enabled repositories. You are simply verifying that the EPEL repository has been installed and is enabled.

Now that we finished that, it's time to install syslog-ng:
sudo yum install --enablerepo=epel syslog-ng
sudo yum install --enablerepo=epel syslog-ng-libdbi
Next, we need to check the syslog-ng version:
syslog-ng -V
Now, in order to start syslog-ng, issue the following:
sudo /etc/init.d/syslog-ng start

In order to configure syslog-ng to fit your specific needs, you will need to edit the following config file:
/etc/syslog-ng/syslog-ng.conf
After making any edits to the config file, you will need to restart the service. Additionally, depending on what you will be monitoring, or the application that you will be using to collect the log files, you might need to add an iptables rule that allows the outbound connection from this host to the log collector.
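The config and firewall steps above, as an added example that is not from the original post: a small POSIX shell script that renders a minimal syslog-ng 3.2 config (the EPEL 6 version) forwarding local logs to a remote collector over TCP, syntax-checks it with syslog-ng's own parser when the binary is present, and prints the matching outbound iptables rule. The collector address 10.10.10.10 and port 514 are sample values you replace with your own.

```shell
#!/bin/sh
# Added example: generate a syslog-ng 3.2 forwarding config plus the
# outbound iptables rule. Collector host/port are placeholders.
set -eu

# Render the config to stdout. $1 = collector IP/hostname, $2 = TCP port.
render_syslog_ng_conf() {
  collector="$1"; port="$2"
  cat <<EOF
@version: 3.2
# Local sources: kernel ring buffer and /dev/log via system(), plus
# syslog-ng's own internal messages.
source s_local {
    system();
    internal();
};
# Keep a local copy so a collector outage does not lose history.
destination d_local { file("/var/log/messages"); };
# Forward to the collector over TCP (reliable delivery, unlike UDP).
destination d_remote { tcp("$collector" port($port)); };
log { source(s_local); destination(d_local); destination(d_remote); };
EOF
}

# The outbound rule the post mentions: allow new TCP connections from this
# host to the collector only, rather than opening the port broadly.
iptables_outbound_rule() {
  echo "iptables -A OUTPUT -p tcp -d $1 --dport $2 -j ACCEPT"
}

# Syntax-check a config file with syslog-ng (-s = --syntax-only).
# Returns 0 when the file is valid, or when syslog-ng is not installed.
check_conf() {
  if command -v syslog-ng >/dev/null 2>&1; then
    syslog-ng -s -f "$1"
  fi
}

# Usage: sh forward.sh 10.10.10.10 514 > /etc/syslog-ng/syslog-ng.conf.new
if [ "$#" -eq 2 ]; then
  render_syslog_ng_conf "$1" "$2" > /tmp/syslog-ng.conf.new
  check_conf /tmp/syslog-ng.conf.new
  cat /tmp/syslog-ng.conf.new
  echo "# firewall rule to apply:" >&2
  iptables_outbound_rule "$1" "$2" >&2
fi
```

Review the rendered file before copying it over /etc/syslog-ng/syslog-ng.conf, then restart the service as described above.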

That should be about it. Outside of the config and firewall changes, you should be good to go with syslog-ng for log collection.

P.S. don't forget to check any internal router/firewall to make sure the port is open between your Linux system and the log collection system.

Comments

  1. I am moving off syslog-ng due to syslog-ng not being updated by RH. 3.2 is missing things like @10.10.10.10 for remote.

