Last week, we explored the different syslog-ng packages available for RPM-based Linux distributions, used by the majority of our Linux users. This week, we focus on FreeBSD, the platform of choice for most of our non-Linux users.
From this blog, you can learn about the features that are in the binary syslog-ng packages, how to compile syslog-ng for yourself from ports and the current syslog-ng version policy in ports.
For the past couple of years, syslog-ng has been available as a rolling release. There is a new release roughly every second month containing both new features and fixes for bugs reported for the previous version(s). Each new release receives a dedicated port in the FreeBSD ports tree. They are named based on the version number, for example, syslog-ng 3.25 is available in sysutils/syslog-ng325.
As we do not want to fill up the FreeBSD port system with syslog-ng releases, older releases are removed from ports regularly. The current policy is that a syslog-ng version is marked as deprecated as soon as a new version is out. Older syslog-ng versions are deleted after about a year.
Creating a new port for each new release helps to avoid surprises (a new release might accidentally or even intentionally break old features) and it allows the use of a given release indefinitely (“if it works, do not fix it”). On the other hand, you might want to use the latest available version all the time. Of course, before each upgrade, it needs a bit of extra testing. Additionally, there is also a sysutils/syslog-ng metaport available, which points at the latest stable syslog-ng version in ports. Most of the time this means the latest syslog-ng version but if a serious problem is identified on other platforms, then we might keep pointing the metaport at the previous version.
The FreeBSD project builds ready-to-install binary packages from ports every three months. This means that you can use binary packages and do not have to compile software yourself unless the default options do not fit your needs. When it comes to default options, we tried to reach a balance. While we tried to avoid any options requiring extra dependencies (so syslog-ng does not pull in Java & Co automatically), some of the most popular features are still enabled to cover as many use cases as possible.
The default configuration has JSON and HTTP support enabled. This way you can parse and create JSON payloads and send logs to Splunk, Elasticsearch and different cloud services, like Slack or Telegram. These two options cover the needs of the vast majority of the syslog-ng user base. But there are a lot more features available, which are used by a smaller number of users (Riemann or AMQP destinations, and so on). If you need those, jump to the section detailing how to build syslog-ng yourself. Check https://www.freshports.org/sysutils/syslog-ng/ for a complete list of configuration options in the port.
As we discussed earlier when describing available syslog-ng versions, the name of the package is the same as the name of the port. This means that you can install version 3.25 of syslog-ng using the following command:
pkg install syslog-ng325
If you would rather use a syslog-ng package that changes automagically to the latest stable version, use the “syslog-ng” package instead:
pkg install syslog-ng
Building syslog-ng from source – using ports
First of all, compiling from source should mean using ports. Otherwise, you lose your ability to manage packages and easily update syslog-ng once a new version is out.
As mentioned earlier, the default syslog-ng configuration in ports enables JSON and HTTP. While you can disable these and save a few kilobytes of memory, it is not recommended. They are used by many of the configuration snippets included in the syslog-ng configuration library (SCL), enabled in the default syslog-ng configuration. If you really need to disable these for some reason, make sure that you create your own syslog-ng.conf without including SCL.
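One way to check a configuration before moving to a build with JSON and HTTP disabled, as an added example that is not part of the original post or the port. The function names and the sample configuration are constructed for illustration, and the driver list is a short, non-exhaustive selection.

```shell
#!/bin/sh
# Added example (not from the syslog-ng port): check a syslog-ng.conf before
# moving to a build that has the JSON and HTTP options switched off.

# Drop comments. Simplification: a '#' inside a quoted string is cut as well.
strip_comments() { sed 's/#.*$//' "$1"; }

# Succeeds if the configuration includes the configuration library (SCL).
includes_scl() {
    strip_comments "$1" |
        grep -Eq '^[[:space:]]*@include[[:space:]]+"([^"]*/)?scl\.conf"'
}

# Prints each JSON- or HTTP-dependent driver/function the file uses, once.
json_http_users() {
    strip_comments "$1" |
        grep -Eo '\$\(format-json|(json-parser|elasticsearch-http|http|slack|telegram)[[:space:]]*\(' |
        sed -e 's/[[:space:]]*($//' -e 's/^\$(//' | sort -u
}

# Returns 0 only if the file is usable without JSON, HTTP and SCL.
check_conf() {
    rc=0
    if includes_scl "$1"; then
        echo "$1: includes scl.conf"; rc=1
    fi
    users=$(json_http_users "$1" | tr '\n' ' ')
    if [ -n "$users" ]; then
        echo "$1: needs JSON/HTTP support: $users"; rc=1
    fi
    return "$rc"
}

# Constructed sample configuration, written to the path given as $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
@version: 3.25
@include "scl.conf"
# destination d_old { telegram(bot-id("x")); };
source s_local { unix-dgram("/var/run/log"); internal(); };
destination d_http { http(url("http://127.0.0.1:8080/") body("$(format-json --scope rfc5424)")); };
log { source(s_local); destination(d_http); };
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_conf "$sample" || echo "not ready for a build without JSON/HTTP"
rm -f "$sample"
```

A clean result only means none of the listed names appear in that one file; files it includes are not followed.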
The syslog-ng ports are available under the /usr/ports/sysutils directory. Choose the version that best suits your needs and change to that directory. The following command brings up a configuration menu:
Make the necessary changes and save the configuration. Now you can compile and install syslog-ng. You might need to configure and compile additional software dependencies while compiling syslog-ng. Or you can install dependencies from packages. You can even create packages for yourself and distribute them inside your organization. Here I just show the simplest solution: installing syslog-ng from ports after configuration and cleaning the directory afterwards with a single command:
make install clean
There are two of us who keep the syslog-ng ports in FreeBSD going. Cy Schubert is the official port maintainer who commits changes to ports and makes sure that the updates I make conform with the port’s rules. This makes maintaining the syslog-ng port easier for both of us.
If you run into any problems with syslog-ng on FreeBSD or have any feature requests, you can reach us in multiple ways. If you post to the FreeBSD problem report database, then it will be first read by Cy. If you post to syslog-ng GitHub Issues, it will be first read by me. In either case, we discuss it and try to come up with a solution together.
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik.