Difference between revisions of "Installing rsyslog from yum repository"

From Notes_Wiki
m
m
Line 2: Line 2:
=Installing rsyslog server in CentOS=
=Installing rsyslog server in CentOS=


To install rsyslog server in CentOS from source follow these steps:
To install rsyslog use following steps:
#Setup repositories rpmfusion, rpmforge and epel
#<tt>yum -y install rsyslog</tt>
#Disable SELinux
#Enable incoming UDP port 514 packets
#Edit '<tt>/etc/rsyslog.conf</tt>' file as follows:
##Append following lines
##:<pre>
##::$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
##::
##::authpriv.*      ?TmplAuth
##::*.info,mail.none,authpriv.none,cron.none  ?TmplMsg
##::</pre>
##Uncomment following lines:
##:<pre>
##::$ModLoad imudp
##::$UDPServerRun 514
##:</pre>


*Download latest stable release of rsyslog from http://www.rsyslog.com/
After this to configure remote machines to send logs to rsyslog server use:
*Extract the source package
#Install rsyslog same as in case of server
*Run configure in following manner
#Edit '<tt>/etc/rsyslog.conf</tt>' file and append following configuration:
*:<pre>
#:<pre>
*::./configure --enable-gnutls --libdir=/lib --sbindir=/sbin
#:: *.* @&lt;server&gt;:&lt;port&gt;
*:</pre>
#:</pre>
*Run make
*Run make install as root
*Use rsyslog.conf file similar to [[media:Rsyslog-2009-10-06.conf.txt|rsyslog-2009-10-06.conf.txt]]
*Use following commands to use rsyslog instead of syslog
*:<pre>
*::service syslog stop
*::service rsyslog start
*::chkconfig syslog off
*::chkconfig rsyslog on
*:</pre>


==Troubleshooting==
If you get errors like this
<pre>
Oct 26 15:34:29 information rsyslogd:the last error occured in /etc/rsyslog.conf, line 8
Oct 26 15:34:29 information rsyslogd:could not load module '/usr/local/lib/rsyslog/imklog.so', dlopen: /usr/local/lib/rsyslog/imklog.so: undefined symbol: MsgSetRcvFromIP
Oct 26 15:34:29 information rsyslogd:the last error occured in /etc/rsyslog.conf, line 9
Oct 26 15:34:29 information rsyslogd:could not load module '/usr/local/lib/rsyslog/imudp.so', dlopen: /usr/local/lib/rsyslog/imudp.so: undefined symbol: MsgSetRcvFromIP
Oct 26 15:34:29 information rsyslogd:the last error occured in /etc/rsyslog.conf, line 13
Oct 26 15:34:29 information rsyslogd:invalid or yet-unknown config file command - have you forgotten to load a module?
Oct 26 15:34:29 information rsyslogd:the last error occured in /etc/rsyslog.conf, line 14
Oct 26 15:34:29 information rsyslogd:invalid or yet-unknown config file command - have you forgotten to load a module?
Oct 26 15:34:29 information rsyslogd:the last error occured in /etc/rsyslog.conf, line 24
Oct 26 15:34:29 information kernel: rklogd 2.0.6, log source = /proc/kmsg started.
</pre>
in `<tt>/var/log/messages</tt>' file after doing `<tt>service rsyslog restart</tt>' then probably you are not running rsyslog version you installed from source. Make sure you use `<tt>--libdir=/lib --sbindir=/sbin</tt>' with `<tt>./configure</tt>' so that already installed rsyslog is replaced.






Steps learned from http://tecadmin.net/setup-centralized-logging-server-using-rsyslogd/  and contributed by Kiran Kollipara
<yambe:breadcrumb self="Installing from source">Rsyslog configuration</yambe:breadcrumb>
<yambe:breadcrumb self="Installing from source">Rsyslog configuration</yambe:breadcrumb>

Revision as of 06:32, 11 February 2015

<yambe:breadcrumb self="Installing from source">Rsyslog configuration</yambe:breadcrumb>

Installing rsyslog server in CentOS

To install rsyslog use following steps:

  1. Setup repositories rpmfusion, rpmforge and epel
  2. yum -y install rsyslog
  3. Disable SELinux
  4. Enable incoming UDP port 514 packets
  5. Edit '/etc/rsyslog.conf' file as follows:
    1. Append following lines 
      $template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      

      

      authpriv.*      ?TmplAuth

      • .info,mail.none,authpriv.none,cron.none   ?TmplMsg
    2. Uncomment following lines: 
      $ModLoad imudp
      

      $UDPServerRun 514

After this to configure remote machines to send logs to rsyslog server use:

  1. Install rsyslog same as in case of server
  2. Edit '/etc/rsyslog.conf' file and append following configuration: 
    *.* @<server>:<port>



Steps learned from http://tecadmin.net/setup-centralized-logging-server-using-rsyslogd/ and contributed by Kiran Kollipara <yambe:breadcrumb self="Installing from source">Rsyslog configuration</yambe:breadcrumb>

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Installing_rsyslog_from_yum_repository&oldid=1900"