LinuxQuestions.org - Bug installation Syslog-ng in Centos 5.6 server

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - Bug installation Syslog-ng in Centos 5.6 server (https://www.linuxquestions.org/questions/linux-server-73/bug-installation-syslog-ng-in-centos-5-6-server-883968/)

Bug installation Syslog-ng in Centos 5.6 server

Hi everybody,

I tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:

Code:

[root@RelaisXXX etc]# service syslog-ng start

Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up

Your configuration file uses an obsoleted keyword, please update your configurat

Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist

Starting Kernel Logger            [FAILED]

:

Can someone help me to find a solution of this error ? didn't modified much the configuration file,idon't know why i have this error!!!plz help

You could start by showing us the configuration file, no? We aren't psychic. Or you can just uninstall the rpm, ensure the configuration file is deleted and reinstall.

Reply: Bug installation Syslog-ng in Centos

hi,this is the configuration file like i said i didn't modify anything

Quote:

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#

@version: 3.2
@include "scl.conf"
source src { file("/proc/kmsg"); unix-stream("/dev/log"); internal(); };
source s_local {
system();internal();
};
#This source combine everything
source s_everything {
internal();file("/proc/kmsg" log_prefix("kernel: "));
unix-stream("/dev/log");
};
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

#
# At around 1999 some distributions have changed from using SOCK_STREAM
# to SOCK_DGRAM sockets, see these posts about the issue:
#
# http://www.security-express.com/arch...9-q4/0071.html
# http://marc.theaimsgroup.com/?l=sysk...9685607952&w=2
#
# libc and syslog clients generally automatically detect the socket type,
# so you are free to decide which of unix-stream or unix-dgram you want to use.
#
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

i followed the instruction of this tutorial;
http://www.docstoc.com/docs/28601285/Install-and-setup-Syslog-ng--PHP-Syslog-ng-Syslog-Server-IP,where they mentionned that i need just copy the "syslog-ng.conf.REDHAT" localized in "syslog-ng-3.2.4/contrib" to replace the file config created at the time of installation,i can't see where is the problem maybe in the script of starting syslog-ng the "init.d.REDHAT" !!!tx to reply me!!!and sorry for my english i'm french:newbie:

You are using an old configuration file for syslog-ng 3.2.4? In the link you posted they are speaking about the 2.x series. One thing I notice, replace:

Code:

long_hostnames (off);

with

Code:

chain_hostnames (off);

oh tx,yes i didn't pay attention of the version that they used in the link tx so much,
have u a guide configuration of syslog-ng 3.2.4 ?cause it's the first time i install it ,and have u an idea if this version is compatible whit my centos version (5.6)?

Just don't replace the file with an invalid one...

One additonal thing: when I upgraded syslog-ng on an openSUSE system from 2.x to 3.x and compiled it on my own (as I needed some of the new features) it was also necessary to make changes to AppArmor and allow syslog-ng to write at certain places.

I use Redhat system ,i read on some articles that Apparmor is an alternative of SeLinux in Redhat ,i never use it if u can show me why and what changes that u make to allow Syslog-ng write at certain places?it's really necessary ?
And if u have an idea what changes can i make in SElinux?

I never used SELinux on my own. You can first try to turn of AppArmor in case you use it. On openSUSE it’s:

Code:

# rcapparmor stop

Then try to start syslog-ng. If it’s working then, we can look into it. After the test you can start AppArmor again of course.