Hi all!
Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions.
I switched from sysklogd to rsyslog simply using
chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start
but this seems not to be "bullet-proof" solution - when yum automaticaly install updates, sysklogd rpm package runs postinstall scriptlet which unfortunately returns sysklogd back to game (and breaks logging based on regex).
# rpm -q --scripts sysklogd postinstall scriptlet (using /bin/sh): if [ "$1" -ge 1 ]; then /sbin/chkconfig --add syslog <<HERE for n in /var/log/{messages,secure,maillog,spooler} do [ -f $n ] && continue touch $n chmod 600 $n done /sbin/service syslog condrestart > /dev/null 2>&1 fi exit 0 ...
# chkconfig --list syslog syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Meanwhile, automatic update of rsyslog package results (thanks to postinstall scriptlet) into disabled rsyslog :-/ ...
# rpm -q --scripts rsyslog postinstall scriptlet (using /bin/sh): /sbin/chkconfig --add rsyslog <<HERE for n in /var/log/{messages,secure,maillog,spooler} do [ -f $n ] && continue umask 066 && touch $n done ...
# chkconfig --list rsyslog rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- uninstalling sysklogd package will not solve the problem of disabling rsyslog after yum update. Or should I uninstall it and simply change '# chkconfig:' part of rsyslog rc script?
- I don't want to disable automatic updates of sysklogd and rsyslog packages using /etc/yum.conf:exclude=... bacause of security reasons.
- I think about using 'alternatives', but I am not sure if it is the appropriate solution.
- should I report to Red Hat's bugzilla?
Maybe I overlooked something in documentation.
Thank you for any advice and patience.
Andrej
Andrej Moravcik wrote:
Hi all!
Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions.
I switched from sysklogd to rsyslog simply using
chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start
but this seems not to be "bullet-proof" solution - when yum automaticaly install updates, sysklogd rpm package runs postinstall scriptlet which unfortunately returns sysklogd back to game (and breaks logging based on regex).
I think your problem is that you did 'chkconfig --del syslog' - as the man page states:
--del name The service is removed from chkconfig management, and any sym- bolic links in /etc/rc[0-6].d which pertain to it are removed.
Note that future package installs for this service may run chk- config --add, which will re-add such links. To disable a ser- vice, run chkconfig name off.
I believe you should have done 'chkconfig syslog off' instead.
We use rsyslog instead of sysklogd and don't get this problem.
James Pearson
James Pearson wrote:
I think your problem is that you did 'chkconfig --del syslog' - as the man page states:
--del name The service is removed from chkconfig management, and any sym- bolic links in /etc/rc[0-6].d which pertain to it are removed.
Note that future package installs for this service may run chk- config --add, which will re-add such links. To disable a ser- vice, run chkconfig name off.I believe you should have done 'chkconfig syslog off' instead.
We use rsyslog instead of sysklogd and don't get this problem.
Thank you James, you are right, 'chkconfig syslog off; chkconfig rsyslog on' solved this problem.
Andrej
-
Andrej Moravcik -
James Pearson