For many years – especially after syslog-ng changed to a rolling release model – users I talked to asked for up-to-date RPM packages. They also asked for a separate repository for each new release to avoid surprises (a new release might accidentally or even intentionally break old features) and to be able to use a given release if they want to (“if it works, do not fix it”). That is how my unofficial RPM repositories were born.

Recently some long-time syslog-ng users and members of the Splunk community started to ask for a repository, which always has the latest syslog-ng version available. Most users still prefer to use separate repositories. That is how I came up with the idea for the syslog-ng-stable repository: I push a new release to this new rolling repo only after at least a week of delay. This is enough to spot most major problems. Once the delay is over and everything seems to be OK, I can push the latest release to the syslog-ng-stable repo. If there is a bigger problem, I can skip the release in the stable repo or wait for a fix.

Which package to install?

You can use many log sources and destinations in syslog-ng. The majority of these require additional dependencies to be installed. If all the features would be included in a single package, installing syslog-ng would also install dozens of smaller and larger dependencies, including such behemoths as Java. This is why the syslog-ng package includes only the core functionality, and features requiring additional dependencies are available as sub-packages. The most popular sub-package is syslog-ng-http (or syslog-ng-curl on openSUSE), which installs the HTTP destination driver used to store messages to Elasticsearch, Splunk or Slack, but there are many others as well. Depending on your distribution: “zypper search syslog-ng” or a similar command will list you all the possibilities.

Installing syslog-ng on RHEL and CentOS 7 (& 8)

1. Depending on whether you have RHEL or CentOS 7 (or 8), do the following:

  • On RHEL 7: Enable the so-called “optional” repository, which contains a number of packages that are required to start syslog-ng:

subscription-manager repos --enable rhel-7-server-optional-rpms
  • On RHEL 8: Enable the so-called "supplementary" repository

subscription-manager repos --enable rhel-8-for-x86_64-supplementary-rpms
  • On CentOS: The content of this repo is included on CentOS, so you do not have to enable it there separately

2. The Extra Packages for Enterprise Linux (EPEL) repository contains many useful packages, which are not included in RHEL. A few dependencies of syslog-ng are available in this repo. You can enable it by downloading and installing an RPM package (replace 7 with 8 for RHEL 8):

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh epel-release-latest-7.noarch.rpm

3. Add my syslog-ng-stable repo from the Copr build service, which contains the latest unofficial stable build of syslog-ng. Download the repo file to /etc/yum.repos.d/, so you can install and enable syslog-ng:

cd /etc/yum.repos.d/
wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-stable/repo/epel-7/czanik-syslog-ng-stable-epel-7.repo
yum install syslog-ng
systemctl enable syslog-ng
systemctl start syslog-ng

Add any further sub-packages you need.

4. It is not strictly required, but you can avoid some confusion, if you also delete rsyslog at the same time:

yum erase rsyslog

Installing syslog-ng on Fedora

Installation on Fedora is a lot simpler.

1. Download the repo file according to your distribution version from https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-stable/ and save it to the /etc/yum.repos.d/ directory. For example, on Fedora 30:

cd /etc/yum.repos.d/
wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-stable/repo/fedora-30/czanik-syslog-ng-stable-fedora-30.repo

2. Next, install and enable syslog-ng:

dnf install syslog-ng
systemctl enable syslog-ng
systemctl start syslog-ng

Add any further sub-packages you need.

3. It is not strictly required, but you can avoid some confusion, if you also delete rsyslog at the same time:

dnf erase rsyslog

Install syslog-ng on openSUSE or SLES

1. First, you need to add the repository containing syslog-ng and its dependencies. Open https://build.opensuse.org/project/show/home:czanik:syslog-ng-stable and you will find repository URLs on the right hand side behind the links named after distributions. For example, on SLES 15 SP1 you can use the following command to add the repository:

zypper ar https://download.opensuse.org/repositories/home:/czanik:/syslog-ng-stable/SLE_15_SP1/ syslog-ng-stable

2. Next, you can install syslog-ng:

zypper in syslog-ng

Add any further sub-packages you need.

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik.

Anonymous
Related Content