[CentOS] rsyslog as default syslog daemon?

Andrej Moravcik centos at datalock.sk
Fri Nov 26 13:44:40 EST 2010


Hi all!

Is anybody here using rsyslog? I am looking for the right solution how 
to use rsyslog in CentOS 5 as the default logging daemon. We use it 
because of filtering using regular expressions.

I switched from sysklogd to rsyslog simply using

chkconfig --del syslog
chkconfig --add rsyslog
chkconfig rsyslog on
service syslog stop
service rsyslog start

but this seems not to be "bullet-proof" solution - when yum automaticaly 
install updates, sysklogd rpm package runs postinstall scriptlet which 
unfortunately returns sysklogd back to game (and breaks logging based on 
regex).

# rpm -q --scripts sysklogd
postinstall scriptlet (using /bin/sh):
if [ "$1" -ge 1 ]; then
    /sbin/chkconfig --add syslog				<<HERE
    for n in /var/log/{messages,secure,maillog,spooler}
    do
         [ -f $n ] && continue
         touch $n
         chmod 600 $n
    done
    /sbin/service syslog condrestart > /dev/null 2>&1
fi
exit 0
...


# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off



Meanwhile, automatic update of rsyslog package results (thanks to 
postinstall scriptlet) into disabled rsyslog :-/ ...

# rpm -q --scripts rsyslog
postinstall scriptlet (using /bin/sh):
/sbin/chkconfig --add rsyslog				<<HERE
for n in /var/log/{messages,secure,maillog,spooler}
do
         [ -f $n ] && continue
         umask 066 && touch $n
done
...

# chkconfig --list rsyslog
rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off



- uninstalling sysklogd package will not solve the problem of disabling 
rsyslog after yum update. Or should I uninstall it and simply change '# 
chkconfig:' part of rsyslog rc script?

- I don't want to disable automatic updates of sysklogd and rsyslog 
packages using /etc/yum.conf:exclude=... bacause of security reasons.

- I think about using 'alternatives', but I am not sure if it is the 
appropriate solution.

- should I report to Red Hat's bugzilla?



Maybe I overlooked something in documentation.

Thank you for any advice and patience.


Andrej



More information about the CentOS mailing list