Solved

syslog-ng on AIX

Posted on 2010-08-27
Last Modified: 2013-11-17
I'd like to install syslog-ng on AIX. Have any of you done this before? Where is the latest package for AIX? Do I need to compile from source? Any hints?

Thanks
Question by:sminfo
Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 33539836
Hello again,
yes I did it, and it works well.
The latest package (afaik) is here - http://www.perzl.org/aix/index.php?n=Main.Syslog-ng
It's "only" 3.0.5, but works (well, not out-of-the-box, see below).
Prerequisites are glib2, gettext, bzip2, readline, eventlog and pcre, all available at the above site.
Be careful with gettext! It contains libintl.a, which is very touchy regarding its versions. But if you haven't installed it yet, no problem.
openssl is also a prerequisite, and that's a bit tricky, because openssl is now shipped with AIX, and versions do not always match.
You need 0.9.8 or higher, please check with "lslpp -l | grep openssl".
As for the source version -
syslog-ng's newest stable version is 3.1.2.
Compiling it from source is possible, of course. You will need the GNU compiler collection (gcc), and gmake for that. You can get it from perzl.org too (see above).
Once you have installed syslog-ng and try to run it, don't forget to disable AIX's own syslog (disable it in /etc/rc.tcpip).
I'd suggest to download all rpms, to start installing the prerequisites, then syslog-ng, and to see how far you get. If there are issues during the above, please tell me, I will assist you.
wmp

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 33540003
Some hints -
- If you do have gettext (and thus libintl.a), but in a wrong version, please tell me the details before over-installing something. I'd like to check it beforehand.
- If the syslog-ng installation complains about missing openssl although it's present (check with lslpp) you can install syslog-ng ignoring this dependency (use the "--nodeps" flag) - but only if openssl is actually 0.9.8 or better and if it's the only missing dependency!
- Before installing syslog-ng via rpm create the directories /var/lib/syslog-ng and, if it doesn't exist yet /var/log. For some reason the installer doesn't do that on its own.
- syslog-ng can be started with "startsrc -s syslogng" and it will run, but the subsystem will show up as "inoperative" with "lssrc -a", and that's the reason why you can't stop it with "stopsrc -s syslogng". I'm still researching this. If you need to stop it in an automated way, use the PID stored in /etc/syslog-ng.pid (kill $(cat /etc/syslog-ng.pid)).
Good luck!
 wmp

Author Closing Comment

by:sminfo
ID: 33540115
Nice wmp, finally I installed it on a server.. but, can you give me a basic syslog-ng.conf file? Or the default syslog-ng.conf works fine? How can I configure it to send *.* to an external server?
Which is best syslogd or syslog-ng on AIX? Pros, Cons.


Thanks indeed.
regards
Israel.

Expert Comment

by:woolmilkporc
ID: 33540263
Congrats!
I once had a similar case here at EE where I posted a config - http://www.experts-exchange.com/OS/Unix/Q_23886277.html
The relevant parts for sending to an external server -
source s_local { unix-dgram("/dev/log"); };
destination d_loghost   { tcp("123.123.123.123" port(514)); };
log { source(s_local); destination(d_loghost); };

The only Con - syslog-ng is not part of AIX. There might be major changes in AIX in the future which syslog-ng wouldn't reflect. Maybe you would have to wait until the syslog-ng developers react upon those changes and update their product. But since syslogging is pretty much standard I hope this will not really happen.
It doesn't come with AIX, so for every new machine (if you don't clone) you must install it anew.
Pro - the filters! It's a very nice thing to be able to spread messages based on various criteria across several distinct logfiles, whose names may contain variables, such as $HOST. Criteria can even consist of strings found in the content of the message ("match ..."), so you can accept/reject/distribute those messages very fine-grained. There is "and", "or", "not" to logically combine criteria as well. You can even send your messages to different loghosts based on those criteria.
Also, setting owner/group/permissions of the logfiles is a good thing.
Thx for the points, and have a nice weekend, if there are no more questions to ask today  :-)
¡Salud!
wmp
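The filter features listed in the comment above, put together as one syslog-ng.conf: an added example, not part of the original post and not the configuration from the linked thread. It assumes syslog-ng 3.0 syntax; the filter names, log paths, the "system" group and the second loghost address 192.0.2.10 are placeholders chosen for illustration.

```conf
@version: 3.0

# Defaults for every logfile syslog-ng creates (placeholder owner/group).
options {
    owner("root"); group("system"); perm(0640);
    create_dirs(yes); dir_perm(0750);
};

# Local messages, as in the snippet above, plus syslog-ng's own messages.
source s_local { unix-dgram("/dev/log"); internal(); };

# Criteria combined with "and" / "or" / "not".
filter f_auth     { facility(auth, authpriv); };
filter f_ssh_fail { program("sshd") and match("Failed password" value("MESSAGE")); };
filter f_security { filter(f_auth) or filter(f_ssh_fail); };
filter f_general  { not filter(f_security) and not level(debug); };

# One directory per sending host; tighter permissions on the security log.
destination d_auth_file {
    file("/var/log/hosts/$HOST/auth.log" owner("root") group("system") perm(0600));
};
destination d_general_file { file("/var/log/hosts/$HOST/messages"); };

# Two loghosts: the one from the post and a second, placeholder address.
destination d_loghost     { tcp("123.123.123.123" port(514)); };
destination d_sec_loghost { tcp("192.0.2.10" port(514)); };

# Security-relevant messages: restricted local file and the second loghost.
log {
    source(s_local); filter(f_security);
    destination(d_auth_file); destination(d_sec_loghost);
};

# Everything else except debug: general file and the first loghost.
log {
    source(s_local); filter(f_general);
    destination(d_general_file); destination(d_loghost);
};
```

Running "syslog-ng -s -f <path to this file>" checks the syntax without starting the daemon. Note that tcp() as used here sends messages unencrypted.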