Back to the main page

syslog-ng - installation on Solaris10 global zone

This product is coming from Hungary. The main guy there is Balazs Scheidler.

The syslog-ng is a system logging application used mostly for creating centralized logging server.

Also, Nathan Campi has been writing a lot about logging and syslog-ng so please find his site online and check it, tons of stuff there.

I'll write some of my experiences installing syslog-ng on Sun Fire x4200 (x83 platform).

Interestingly, doesn't have syslog-ng, so syslog-ng can be downloaded from Below is what Sunfreeware tells you about syslog-ng. Download required packages (they are zipped package data stream)
Unzip them: gunzip *

Translate data stream to package directory so you can user 'pkgadd' command for installation (or first you want to verify if you have installed some of them).
# foreach i ( gcc-3.4.6-sol10-x86-local glib-2.14.1-sol10-x86-local libgcc-3.4.6-sol10-x86-local libiconv-1.11-sol10-x86-local libintl-3.4.0-sol10-x86-local openssl-0.9.8k-sol10-x86-local pcre-7.9-sol10-x86-local syslogng-3.0.2-sol10-x86-local )
foreach? echo ----- translate datastream ${i} ------------
foreach? echo
foreach? pkgtrans ${i} .
foreach? echo
foreach? echo ------ done with ${i} ------------
foreach? end
This will make you to have list of package dirs, so now you know exactly package name and can verify its presence on your system.
Package names from Sunfreeware starts with SMC, and you'll look for these ones: SMCevtlog, SMCgcc, SMCglib, SMClgcc346, SMCliconv, SMClintl, SMCossl, SMCpcre and SMCsyslng
# foreach i (`ls -la | awk '{print $9}' | egrep ^SMC`)
foreach? echo
foreach? echo ---- check package ${i} ----------
foreach? echo
foreach? pkginfo ${i}
foreach? echo
foreach? echo ----- done with ${i} ------------
foreach? end
In my case, I already have SMCglib and SMCevtlog, so let's install the rest of stuff (except syslog-ng just in case).
# foreach i ( SMCgcc SMClgcc346 SMCliconv SMClintl SMCossl SMCpcre )
foreach? echo
foreach? echo ----------- installing ${i} -----------
foreach? pkgadd -d . ${i}
foreach? echo
foreach? echo ----------- ${i} installed ---------
foreach? end
Note: If you get warning about presence of files (I guess older version), go ahead with Y to install newer version of "conflicting" files.

Let's install syslog-ng now.

The directory /usr/local/doc/syslogng/contrib has files to start with like sample of configuration file as syslog-ng.conf.SunOS.

Also check /usr/local/doc/syslogng/contrib/solaris-packaging for examples of .xml and method files (yes, this is Solaris 10 and we want to create service for syslog-ng).
 Taking care of configuration file 

You also have 2 configuration examples for Solaris, so start with modifying them:


Copy one of them to /usr/local/etc/syslog-ng.conf

 Taking care of PID and other temp file location 

Basically you want to put them in swap (reboot will remove them). 

You can see that swap is actually mounted on three filesystems

# df -F tmpfs -h
Filesystem             size   used  avail capacity  Mounted on
swap                    41G   676K    41G     1%    /etc/svc/volatile
swap                    41G     4K    41G     1%    /tmp
swap                    41G    20K    41G     1%    /var/run

Or use mount command:

# mount
/etc/svc/volatile on swap read/write/setuid/devices/xattr/dev=46c0001 on Mon Jul 20 17:51:38 2009
/tmp on swap read/write/setuid/devices/xattr/dev=46c0002 on Mon Jul 20 17:52:10 2009
/var/run on swap read/write/setuid/devices/xattr/dev=46c0003 on Mon Jul 20 17:52:10 2009

Since our PID will be placed in /usr/local/var we'll create symbolic link of this dir to /var/run (swap). 

/usr/local> ln -s /var/run var

Will make:

lrwxrwxrwx   1 root     root           8 Jul 22 11:39 var -> /var/run

 Taking care of .xml file (defines service properties) 

Copy .xml file (defines service's properties) to /var/svc/manifest/system

# cp -p syslog-ng.example.xml /var/svc/manifest/system/syslog-ng.xml

 Taking care of method file (defines how to start/stop/restart/refresh) 

Copy method example to directory /lib/svc/method

# cp -p syslog-ng.method /lib/svc/method/syslog-ng

Just make sure that "location" variables are properly defined, here is how should look after changes mentioned in this text (original variables as you can see are commented).  

"Refresh" method is missing in .xml definition I've noticed this method is not defined in properties file /var/svc/manifest/system/syslog-ng.xml , so next lines can be added there (say after 'stop' method).
      	exec='/lib/svc/method/syslog-ng %m'
        <method_credential user='root'/>
Interestingly, executable file /lib/svc/method/syslog-ng already has lines for reload the service and 'usage' is well done, but there is one thing. The command svcadm does not have "reload" option, but has "refresh". So "reload" will be replaced with "refresh".
                if [ -f $PIDFILE ]; then
                        syspid=`head -1 $PIDFILE`
                        [ "$syspid" -gt 0 ] && kill -1 $syspid && echo "syslog-ng service refreshed"
	echo "Usage: $0 { start | stop | restart | refresh }"
Disable syslogd (system-log service) # svcadm -v disable system-log svc:/system/system-log:default disabled. Validate and import the syslog-ng.xml # svccfg svc:> validate /var/svc/manifest/system/syslog-ng.xml svc:> import /var/svc/manifest/system/syslog-ng.xml svc:> quit Start syslog-ng # svcadm -v enable -r syslog-ng Cannot enable/start syslog-ng? You may have issue and service will go to maintenance mode. Check the log file, it's useful if you have separate putty window (if you use putty) open with command: # tail -f /var/svc/log/ system-syslog-ng:default.log Setting LD_LIBRARY_PATH ( ..... just thoughts/ideas, you may want to ignore this !!!!) Linking is joining object code files with system libraries. Libraries are linked statically or dynamically (called shared libraries). - Static libraries (.a suffix) are part of binaries. - Dynamic libraries (.so suffix) are referenced by location. Trend is moving to dynamic library, since it is pain if your static library is updated, you need to manually re-link binaries to use new library. Just note: Location of third party libraries can be specified to compiler with "-L dir". The ldd command lists all dynamic (shared) libraries that are loaded when executable file is loaded. Use ldd syslog-ng and see that syslog-ng is using some libraries from /usr/local/lib directory. Hence you want to add this directory to LD_LIBRARY_PATH
setenv LD_LIBRARY_PATH /usr/local/lib:${LD_LIBRARY_PATH}
This can be added to /.tcshrc (assuming you use tcsh shell) Verify variable with printenv Checking dependants of system-log (syslogd) Since system-log has been disabled, we have to make sure its dependents now depend on syslog-ng. This is what we have now. # svcs -D system-log STATE STIME FMRI disabled 16:50:23 svc:/system/auditd:default disabled 16:50:23 svc:/network/rarp:default online 16:50:55 svc:/network/cswnrpe:default online 16:50:57 svc:/network/smtp:sendmail online 16:51:04 svc:/milestone/multi-user:default Edit .xml file of dependent services, see example for "auditd" (yes, do backup of auditd.xml into auditd.xml_syslogd)
# diff auditd.xml auditd.xml_syslogd
<               name='syslog-ng'
>               name='syslog'
<               <service_fmri value='svc:/system/syslog-ng' />
>               <service_fmri value='svc:/system/system-log' />
After changing the .xml file, disable service (if not in disabled state), validate the file, and import it. Enable the service if needed. See example:
# svccfg
svc:> validate /var/svc/manifest/system/auditd.xml
svc:> import /var/svc/manifest/system/auditd.xml
svc:> quit
Do the same for other services: rarp, cswnrpe, smtp:sendmail and multi-user milestone. Okay, now we are good, see below (maybe reboot system just in case): # svcs -D system-log STATE STIME FMRI online 17:46:37 svc:/milestone/multi-user:default # svcs -D syslog-ng STATE STIME FMRI disabled 16:50:23 svc:/system/auditd:default disabled 16:50:23 svc:/network/rarp:default online 17:31:44 svc:/network/cswnrpe:default online 17:39:18 svc:/network/smtp:sendmail online 17:46:37 svc:/milestone/multi-user:default

I didn't mention this throughout document, but you probably want to check permission and ownership of configuration, .xml and method files. I guess you want them to be owned by root, and also make sure method file /lib/svc/method/syslog-ng is executable.

Back to the main page