Hi all!
Is anybody here using rsyslog? I am looking for the right solution how
to use rsyslog in CentOS 5 as the default logging daemon. We use it
because of filtering using regular expressions.
I switched from sysklogd to rsyslog simply using
chkconfig --del syslog
chkconfig --add rsyslog
chkconfig rsyslog on
service syslog stop
service rsyslog start
but this seems not to be "bullet-proof" solution - when yum automaticaly
install updates, sysklogd rpm package runs postinstall scriptlet which
unfortunately returns sysklogd back to game (and breaks logging based on
regex).
# rpm -q --scripts sysklogd
postinstall scriptlet (using /bin/sh):
if [ "$1" -ge 1 ]; then
/sbin/chkconfig --add syslog <<HERE
for n in /var/log/{messages,secure,maillog,spooler}
do
[ -f $n ] && continue
touch $n
chmod 600 $n
done
/sbin/service syslog condrestart > /dev/null 2>&1
fi
exit 0
...
# chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Meanwhile, automatic update of rsyslog package results (thanks to
postinstall scriptlet) into disabled rsyslog :-/ ...
# rpm -q --scripts rsyslog
postinstall scriptlet (using /bin/sh):
/sbin/chkconfig --add rsyslog <<HERE
for n in /var/log/{messages,secure,maillog,spooler}
do
[ -f $n ] && continue
umask 066 && touch $n
done
...
# chkconfig --list rsyslog
rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- uninstalling sysklogd package will not solve the problem of disabling
rsyslog after yum update. Or should I uninstall it and simply change '#
chkconfig:' part of rsyslog rc script?
- I don't want to disable automatic updates of sysklogd and rsyslog
packages using /etc/yum.conf:exclude=... bacause of security reasons.
- I think about using 'alternatives', but I am not sure if it is the
appropriate solution.
- should I report to Red Hat's bugzilla?
Maybe I overlooked something in documentation.
Thank you for any advice and patience.
Andrej