Skip to main content

Replacing rsyslog with syslog-ng on RHEL 6.5

So...I had a piece of monitoring software that didn't play nice with the RHEL default rsyslog for log collection. The software was developed to only work with syslog-ng. I'll be going over the steps that I took, that worked for me, in replacing rsyslog with syslog-ng. I would imagine that these same steps should work for any Linux system similar to RHEL (Fedora, CentOS, etc.). For others (like Debein based distributions), I would need to look into that (coming in a future update to this post).

First, remove rsyslog. You will need to keep the dependencies as they will be needed for syslog-ng:
sudo rpm -e --nodeps rsyslog
Next we will need to add the EPEL repository (more info can be found HERE):
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo rpm -ivh epel-release-6-8.rpm
sudo yum repolist
That last command will list all the installed repositories. You are simply verifying that the EPEL package has been installed.

Now that we finished that, it's time to install syslog-ng:
sudo yum install --enablerepo=epel syslog-ng
sudo yum install --enablerepo=epel syslog-ng-libdbi
Next, we need to check the syslog-ng version:
syslog-ng -V
Now, in order to start syslog-ng, issue the following:
sudo /etc/init.d/syslog-ng start

In order to configure syslog-ng to fit your specific needs, you will need to edit the following config file:
/etc/syslog-ng/syslog-ng.conf 
After making any edits to the config file, you will need to restart the service. Additionally, depending on what you will be monitoring, or the application that you will be using to collect the log files, you might need to add a rule in IPTables for the outbound connection.

That should be about it. Outside of the config and firewall changes you should be good to go with syslog-ng for log collections.

P.S. don't forget to check any internal router/firewall to make sure the port is open between your Linux system and the log collection system.

Comments

  1. I am moving off syslog-ng due to syslog-ng not being updated by RH. 3.2 is missing things like @10.10.10.10 for remote.

    ReplyDelete

Post a Comment

Popular posts from this blog

Facebook and Two-Factor Auth

So in this post, I'm going to go over a quick setup on how to turn of two-factor auth with Facebook. Facebook does some interesting things once you turn on two-factor auth. If you have the app installed on your device, it will push a login code to that device. You can also set this up with SMS and the DUO Mobile app. We'll go over all three here. For a more high-level document on 2-factor auth, see my post HERE . As I've said before, this is not meant to be an in-depth guide, but more of a how-to for those that wouldn't normally think of turning on additional security settings. With that, let's get started: 1) Fist off, log into your Facebook on a computer and go over to the little down arrow in the upper right corner and select Settings. In the settings area, you'll want to select "Security" on the left. 2) In the Security Settings, you'll need to select the Edit button in the "Login Approvals" section. You'll be presented wi...

Using Python for GPG/PGP File Encryption - Part 2

Previously we looked at creating keys, importing public and private keys and the overall setup of gnupg with python. This time around, we're going to take a look at file encryption. Overall the file encryption process is fairly general/easy. But it lacks in the area of scaleablilty, ie to start, you'll only be encrypting one file at a time, which can be done outside of Python with ease. The idea of going over everything in Python, is that you can setup a script to encrypt multiple files in a folder (look for that in Part 3). Assumptions; you have python, and python-gnupg installed, and a public key from someone you want to encrypt and send files to imported to your keystore home (see Part 1 for more information here. Let's get started with Python file encryption. Start off by getting into your python shell, and enter the following: >>> import os >>> import gnupg >>> gpg_home = "/path/to/keyfile/.gnupg" >>> gpg = gnupg....