Solved

syslog-ng on AIX

Posted on 2010-08-27
Last Modified: 2013-11-17
I'd like to install syslog-ng on AIX. Have any of you done this before? Where is the latest package for AIX? Do I need to compile from source? Any hint.

Thanks
Question by:sminfo

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 33539836
Hello again,
yes I did it, and it works well.
The latest package (afaik) is here - http://www.perzl.org/aix/index.php?n=Main.Syslog-ng
It's "only" 3.0.5, but works (well, not out-of-the-box, see below).
Prerequisites are glib2, gettext, bzip2, readline, eventlog and pcre, all available at the above site.
Be careful with gettext! It contains libintl.a, which is very touchy regarding its versions. But if you haven't installed it yet, no problem.
openssl is also a prerequisite, and that's a bit tricky, because openssl is now shipped with AIX, and versions do not always match.
You need 0.9.8 or higher, please check with "lslpp -l | grep openssl".
As for the source version -
syslog-ng's newest stable version is 3.1.2.
Compiling it from source is possible, of course. You will need the GNU compiler collection (gcc), and gmake for that. You can get it from perzl.org too (see above).
Once you have installed syslog-ng and try to run it, don't forget to disable AIX's own syslog (disable it in /etc/rc.tcpip).
I'd suggest to download all rpms, to start installing the prerequisites, then syslog-ng, and to see how far you get. If there are issues during the above, please tell me, I will assist you.
wmp

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 33540003
Some hints -
- If you do have gettext (and thus libintl.a), but in a wrong version, please tell me the details before over-installing something. I'd like to check it beforehand.
- If the syslog-ng installation complains about missing openssl although it's present (check with lslpp) you can install syslog-ng ignoring this dependency (use the "--nodeps" flag) - but only if openssl is actually 0.9.8 or better and if it's the only missing dependency!
- Before installing syslog-ng via rpm create the directories /var/lib/syslog-ng and, if it doesn't exist yet /var/log. For some reason the installer doesn't do that on its own.
- syslog-ng can be started with "startsrc -s syslogng" and it will run, but the subsystem will show up as "inoperative" with "lssrc -a", and that's the reason why you can't stop it with "stopsrc -s syslogng". I'm still researching this. If you need to stop it in an automated way, use the PID stored in /etc/syslog-ng.pid (kill $(cat /etc/syslog-ng.pid)).
Good luck!
 wmp
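
The pre-install checks from the two answers above (openssl level before using "--nodeps", the two directories, AIX's own syslogd), as an added example that is not part of the original posts. The function names, the sample lslpp output and the assumed form of the syslogd line in /etc/rc.tcpip are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before installing the syslog-ng rpm on AIX.

# ver_ge A B: succeed when dotted numeric version A >= B
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# openssl_ok: read `lslpp -l` output on stdin; succeed if an openssl fileset
# is at 0.9.8 or higher (the minimum stated in the answer).
openssl_ok() {
    for v in $(awk '$1 ~ /^openssl/ && $2 ~ /^[0-9]/ { print $2 }'); do
        ver_ge "$v" 0.9.8 && return 0
    done
    return 1
}

# syslogd_enabled: read rc.tcpip text on stdin; succeed if an uncommented
# line still starts syslogd. The line format is an assumption; check your file.
syslogd_enabled() {
    grep -Eq '^[[:space:]]*start[[:space:]]+[^#]*syslogd([[:space:]]|$)'
}

# missing_dirs [ROOT]: print the directories the rpm reportedly does not create
missing_dirs() {
    for d in /var/lib/syslog-ng /var/log; do
        [ -d "${1:-}$d" ] || echo "$d"
    done
}

# Constructed sample of `lslpp -l | grep openssl` output (not from a real host)
SAMPLE_LSLPP='  openssl.base      0.9.8.1103  COMMITTED  Open Secure Socket Layer
  openssl.license   0.9.8.801   COMMITTED  Open Secure Socket License'

printf '%s\n' "$SAMPLE_LSLPP" | openssl_ok && echo "openssl >= 0.9.8: OK"

# On the AIX host itself the same functions read the live data:
#   lslpp -l | openssl_ok || echo "openssl too old: do not use --nodeps"
#   syslogd_enabled < /etc/rc.tcpip && echo "syslogd still enabled"
#   for d in $(missing_dirs); do mkdir -p "$d"; done
```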
 

Author Closing Comment

by:sminfo
ID: 33540115
Nice wmp, finally I installed it on a server... but can you give me a basic syslog-ng.conf file? Or does the default syslog-ng.conf work fine? How can I configure it to send *.* to an external server?
Which is best, syslogd or syslog-ng, on AIX? Pros, cons.


Thanks indeed.
regards
Israel.

Expert Comment

by:woolmilkporc
ID: 33540263
Congrats!
I once had a similar case here at EE where I posted a config - http://www.experts-exchange.com/OS/Unix/Q_23886277.html
The relevant parts for sending to an external server -
source s_local { unix-dgram("/dev/log"); };
destination d_loghost   { tcp("123.123.123.123" port(514)); };
log { source(s_local); destination(d_loghost); };

The only Con - syslog-ng is not part of AIX. There might be major changes in AIX in the future which syslog-ng wouldn't reflect. Maybe you would have to wait until the syslog-ng developers react upon those changes and update their product. But since syslogging is pretty much standard I hope this will not really happen.
It doesn't come with AIX, so for every new machine (if you don't clone) you must install it anew.
Pro - the filters! It's a very nice thing to be able to spread messages based on various criteria across several distinct logfiles, whose names may contain variables, such as $HOST. Criteria can even consist of strings found in the content of the message ("match ..."), so you can accept/reject/distribute those messages very fine-grained. There is "and", "or", "not" to logically combine criteria as well. You can even send your messages to different loghosts based on those criteria.
Also, setting owner/group/permissions of the logfiles is a good thing.
Thx for the points, and have a nice weekend, if there are no more questions to ask today  :-)
¡Salud!
wmp