syslog-ng

This chapter describes how to install syslog-ng as a probe for the LogMan.io service.

Prerequisites

On a target system (e.g. Linux server) we will need:

Internet connectivity

  • Outbound network connectivity to the host lm-ha-01.logman.io, port TCP/5477. The connection uses AMQP over TLS 1.2. You can check it with e.g. nc -v lm-ha-01.logman.io 5477.
  • A working network connection to your OS distribution's package management server(s), i.e. a working yum on CentOS or apt on Ubuntu.

Administrative access to the target system

  • You need an OS-level user with sudo rights, or the root account directly.
  • The installation is done in a UNIX shell, so SSH or direct access to the server console is required.

An installation directory

  • The probe is installed into the /opt/logman.io folder.
  • Required disk space is 20 megabytes.

Credentials for LogMan.io

  • To connect a probe to the LogMan.io central infrastructure, you need to provide a virtual host, user name and password for every target server. Please contact our support or sales team if you don’t have them.

Installation steps

  1. Download the syslog-ng binary distribution package

Ubuntu 14.04

wget https://teskalabs.blob.core.windows.net/logmanio/logman.io_syslog-ng_ubuntu1404_x86-64_3.14.1.tar.gz

Ubuntu 18.04

wget https://teskalabs.blob.core.windows.net/logmanio/logman.io_syslog-ng_ubuntu1804_x86-64_3.17.2.tar.gz

CentOS 7

wget https://teskalabs.blob.core.windows.net/logmanio/logman.io_syslog-ng_centos7_x86-64_3.12.1.tar.gz

Debian8 / ARM6

wget https://teskalabs.blob.core.windows.net/logmanio/logman.io_syslog-ng_debian8_arm6_3.12.1.tar.gz

  2. Create the destination directory

sudo mkdir -p /opt/logman.io

  3. Unpack the binary distribution package (use the name of the file you downloaded in step 1)

sudo tar xzf logman.io_syslog-ng_ubuntu1404_x86-64_3.14.1.tar.gz -C /opt/logman.io

  4. Prepare a configuration folder

sudo mkdir -p /opt/logman.io/etc/syslog-ng

sudo mkdir -p /opt/logman.io/syslog-ng/var

sudo wget -O /opt/logman.io/etc/syslog-ng/syslog-ng.conf https://raw.githubusercontent.com/TeskaLabs/LogMan-io-configs/master/syslog-ng/syslog-ng.conf

sudo wget -O /opt/logman.io/etc/syslog-ng/ca.cert https://raw.githubusercontent.com/TeskaLabs/LogMan-io-configs/master/syslog-ng/ca.cert

  5. Finish the configuration

sudo vi /opt/logman.io/etc/syslog-ng/syslog-ng.conf

Replace the <PROVIDE VIRTUAL HOST> placeholder with your virtual host.

Replace the <PROVIDE USER NAME> placeholder with your user name.

Replace the <PROVIDE PASSWORD> placeholder with your password.

Then save the file and leave the vi editor with :wq.

  6. Uninstall the system syslog

Use ps ax | grep syslog to determine what syslog is running on the target machine.

Ubuntu with rsyslog

sudo apt-get remove rsyslog

Ubuntu with syslog-ng

sudo apt-get remove syslog-ng

  7. Configure the system to start syslog-ng

See the respective init script below.

The syslog-ng service is started by sudo service logman-io-syslog-ng start

  8. Reboot the server (optional)

sudo reboot
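
A pre-flight check for the configuration prepared above, as an added example that is not part of the original guide or of TeskaLabs' tooling: it confirms that no <PROVIDE ...> placeholder remains, that syslog-ng.conf (which now holds the password) is not accessible to group or others, that syslog-ng accepts the file, and that the collector completes a TLS 1.2 handshake verified against the downloaded ca.cert. The function names and the preflight.sh file name are hypothetical, and direct TLS on port 5477 is an assumption.

```sh
#!/bin/sh
# Pre-flight checks for the LogMan.io syslog-ng probe (added example, not vendor code).
# Host, port and paths are the ones on this page; function names are hypothetical.
CONF=/opt/logman.io/etc/syslog-ng/syslog-ng.conf
CA=/opt/logman.io/etc/syslog-ng/ca.cert

# Fail if a <PROVIDE ...> placeholder is still in the file (-q: never echo the line).
check_placeholders() {
    if grep -q -E '<PROVIDE (VIRTUAL HOST|USER NAME|PASSWORD)>' "$1"; then
        echo "FAIL: unreplaced placeholder in $1" >&2
        return 1
    fi
}

# The file holds the AMQP password: fail if group or others have any permission bit.
check_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "FAIL: $1 has mode $mode; run: sudo chmod 600 $1" >&2
           return 1 ;;
    esac
}

# Let syslog-ng parse the file without starting the daemon.
check_syntax() {
    /opt/logman.io/syslog-ng/sbin/syslog-ng --syntax-only -f "$1"
}

# TLS 1.2 handshake, server certificate verified against the downloaded ca.cert.
# Assumption: the port speaks TLS from the first byte (AMQP over TLS).
check_tls() {
    if ! openssl s_client -connect "$1" -tls1_2 -CAfile "$2" \
            -verify_return_error </dev/null >/dev/null 2>&1; then
        echo "FAIL: TLS 1.2 handshake or certificate check failed for $1" >&2
        return 1
    fi
}

preflight() {
    check_placeholders "$CONF" && check_mode "$CONF" && check_syntax "$CONF" &&
        check_tls lm-ha-01.logman.io:5477 "$CA" &&
        echo "OK: probe configuration is ready"
}

# Usage on the target host, as root: sh preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```
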

Init script for systemd

sudo vi /etc/systemd/system/logman-io-syslog-ng.service

Systemd init script:

[Unit]
Description=LogMan.io Syslog-ng
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/logman.io/syslog-ng
Restart=on-failure
PIDFile=/var/run/logman.io-syslog-ng.pid
ExecStart=/opt/logman.io/syslog-ng/sbin/syslog-ng -F -f /opt/logman.io/etc/syslog-ng/syslog-ng.conf

[Install]
WantedBy=multi-user.target

Let systemd know that there is a new service.

sudo systemctl enable logman-io-syslog-ng

Init script for upstart (Ubuntu up to 14.04)

sudo vi /etc/init/logman-io-syslog-ng.conf

Upstart init script:

description "LogMan.io Syslog-ng"

start on runlevel [2345]
stop on runlevel [!2345]

respawn

exec /opt/logman.io/syslog-ng/sbin/syslog-ng -F -f /opt/logman.io/etc/syslog-ng/syslog-ng.conf

Compile syslog-ng from sources (optional)

If you need to compile syslog-ng from sources instead of using the provided binary distribution, the compilation process is described below.

The syslog-ng will be compiled and installed into /opt/logman.io/syslog-ng directory.

Ubuntu

sudo apt-get install gcc make pkg-config libglib2.0-dev libssl-dev libjson-c-dev flex bison
wget https://github.com/balabit/syslog-ng/releases/download/syslog-ng-3.14.1/syslog-ng-3.14.1.tar.gz
tar xzvf syslog-ng-3.14.1.tar.gz
cd syslog-ng-3.14.1
./configure --prefix=/opt/logman.io/syslog-ng --enable-json=yes --enable-pacct=yes --enable-mongodb=no --enable-amqp=yes
make
sudo rm -rf /opt/logman.io/syslog-ng
sudo make install
# Package the installed tree as a gzip-compressed archive
cd /opt/logman.io
sudo tar czvf logman.io_syslog-ng_ubuntu1404_x86-64_3.14.1.tar.gz syslog-ng

CentOS, Red Hat, Fedora

sudo yum install gcc make pcre-devel glib2-devel openssl-devel json-c-devel
wget https://github.com/balabit/syslog-ng/releases/download/syslog-ng-3.14.1/syslog-ng-3.14.1.tar.gz
tar xzvf syslog-ng-3.14.1.tar.gz
cd syslog-ng-3.14.1
./configure --prefix=/opt/logman.io/syslog-ng --enable-json=yes --enable-pacct=yes
make
sudo rm -rf /opt/logman.io/syslog-ng
sudo make install