Solved

syslog-ng on AIX

Posted on 2010-08-27
Last Modified: 2013-11-17
I'd like to install syslog-ng on AIX. Have any of you done this before? Where is the latest package for AIX? Do I need to compile from source? Any hints?

Thanks
Question by:sminfo

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 33539836
Hello again,
yes I did it, and it works well.
The latest package (afaik) is here - http://www.perzl.org/aix/index.php?n=Main.Syslog-ng
It's "only" 3.0.5, but works (well, not out-of-the-box, see below).
Prerequisites are glib2, gettext, bzip2, readline, eventlog and pcre, all available at the above site.
Be careful with gettext! It contains libintl.a, which is very touchy regarding its versions. But if you don't have it installed yet, no problem.
openssl is also a prerequisite, and that's a bit tricky, because openssl is now shipped with AIX, and versions do not always match.
You need 0.9.8 or higher, please check with "lslpp -l | grep openssl".
As for the source version -
syslog-ng's newest stable version is 3.1.2.
Compiling it from source is possible, of course. You will need the GNU compiler collection (gcc), and gmake for that. You can get it from perzl.org too (see above).
Once you have installed syslog-ng and try to run it, don't forget to disable AIX's own syslog (disable it in /etc/rc.tcpip).
I'd suggest to download all rpms, to start installing the prerequisites, then syslog-ng, and to see how far you get. If there are issues during the above, please tell me, I will assist you.
wmp

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 33540003
Some hints -
- If you do have gettext (and thus libintl.a), but in a wrong version, please tell me the details before over-installing something. I'd like to check it beforehand.
- If the syslog-ng installation complains about missing openssl although it's present (check with lslpp) you can install syslog-ng ignoring this dependency (use the "--nodeps" flag) - but only if openssl is actually 0.9.8 or better and if it's the only missing dependency!
- Before installing syslog-ng via rpm, create the directories /var/lib/syslog-ng and, if it doesn't exist yet, /var/log. For some reason the installer doesn't do that on its own.
- syslog-ng can be started with "startsrc -s syslogng" and it will run, but the subsystem will show up as "inoperative" with "lssrc -a", and that's the reason why you can't stop it with "stopsrc -s syslogng". I'm still researching this. If you need to stop it in an automated way, use the PID stored in /etc/syslog-ng.pid (kill $(cat /etc/syslog-ng.pid)).
Good luck!
 wmp

Author Closing Comment

by:sminfo
ID: 33540115
Nice wmp, finally I installed it on a server... but can you give me a basic syslog-ng.conf file? Or does the default syslog-ng.conf work fine? How can I configure it to send *.* to an external server?
Which is best, syslogd or syslog-ng on AIX? Pros, cons?


Thanks indeed.
regards
Israel.

Expert Comment

by:woolmilkporc
ID: 33540263
Congrats!
I once had a similar case here at EE where I posted a config - http://www.experts-exchange.com/OS/Unix/Q_23886277.html
The relevant parts for sending to an external server -
source s_local { unix-dgram("/dev/log"); };
destination d_loghost   { tcp("123.123.123.123" port(514)); };
log { source(s_local); destination(d_loghost); };

The only Con - syslog-ng is not part of AIX. There might be major changes in AIX in the future which syslog-ng wouldn't reflect. Maybe you would have to wait until the syslog-ng developers react to those changes and update their product. But since syslogging is pretty much standard I hope this will not really happen.
It doesn't come with AIX, so for every new machine (if you don't clone) you must install it anew.
Pro - the filters! It's a very nice thing to be able to spread messages based on various criteria across several distinct logfiles, whose names may contain variables, such as $HOST. Criteria can even consist of strings found in the content of the message ("match ..."), so you can accept/reject/distribute those messages very fine-grained. There is "and", "or", "not" to logically combine criteria as well. You can even send your messages to different loghosts based on those criteria.
Also, setting owner/group/permissions of the logfiles is a good thing.
Thx for the points, and have a nice weekend, if there are no more questions to ask today  :-)
¡Salud!
wmp
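
The filter features described in the last comment, as an added example configuration that is not part of the thread or of woolmilkporc's posted config. The filter and destination names, the file paths, the "system" group and the second loghost address 192.0.2.20 are assumptions; the source and d_loghost lines are the ones from the comment above.

```conf
@version: 3.0

# Local source as posted above; internal() adds syslog-ng's own messages.
source s_local { unix-dgram("/dev/log"); internal(); };

# Authentication-related messages, selected by facility.
filter f_auth { facility(auth, authpriv); };

# Program name combined with a string in the message content ("and" + match).
filter f_ssh_fail {
    program("sshd") and match("Failed password" value("MESSAGE"));
};

# Severity range, minus whatever f_auth already selects ("not").
filter f_errors { level(err..emerg) and not filter(f_auth); };

# One directory per sending host via $HOST; owner/group/perm keep the
# auth log unreadable to ordinary users (group name is an assumption).
destination d_auth_file {
    file("/var/log/$HOST/auth.log"
         owner("root") group("system") perm(0640)
         create_dirs(yes) dir_perm(0750));
};

destination d_error_file { file("/var/log/$HOST/errors.log" perm(0644)); };

# Loghost from the comment above, plus a second, constructed loghost
# (192.0.2.20 is a documentation address) for security-relevant events.
destination d_loghost     { tcp("123.123.123.123" port(514)); };
destination d_sec_loghost { tcp("192.0.2.20" port(514)); };

# Route by criteria: auth to a restricted file, failed SSH logins to the
# second loghost, errors to their own file, and everything to the main loghost.
log { source(s_local); filter(f_auth);     destination(d_auth_file); };
log { source(s_local); filter(f_ssh_fail); destination(d_sec_loghost); };
log { source(s_local); filter(f_errors);   destination(d_error_file); };
log { source(s_local);                     destination(d_loghost); };
```

The configuration can be checked before a restart with "syslog-ng --syntax-only -f" followed by the path to the file.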