Hi all!
Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions.
I switched from sysklogd to rsyslog simply using
chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start
but this seems not to be "bullet-proof" solution - when yum automaticaly install updates, sysklogd rpm package runs postinstall scriptlet which unfortunately returns sysklogd back to game (and breaks logging based on regex).
# rpm -q --scripts sysklogd postinstall scriptlet (using /bin/sh): if [ "$1" -ge 1 ]; then /sbin/chkconfig --add syslog <<HERE for n in /var/log/{messages,secure,maillog,spooler} do [ -f $n ] && continue touch $n chmod 600 $n done /sbin/service syslog condrestart > /dev/null 2>&1 fi exit 0 ...
# chkconfig --list syslog syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Meanwhile, automatic update of rsyslog package results (thanks to postinstall scriptlet) into disabled rsyslog :-/ ...
# rpm -q --scripts rsyslog postinstall scriptlet (using /bin/sh): /sbin/chkconfig --add rsyslog <<HERE for n in /var/log/{messages,secure,maillog,spooler} do [ -f $n ] && continue umask 066 && touch $n done ...
# chkconfig --list rsyslog rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- uninstalling sysklogd package will not solve the problem of disabling rsyslog after yum update. Or should I uninstall it and simply change '# chkconfig:' part of rsyslog rc script?
- I don't want to disable automatic updates of sysklogd and rsyslog packages using /etc/yum.conf:exclude=... bacause of security reasons.
- I think about using 'alternatives', but I am not sure if it is the appropriate solution.
- should I report to Red Hat's bugzilla?
Maybe I overlooked something in documentation.
Thank you for any advice and patience.
Andrej