syslog-ng Premium Edition 6.0.16 - Administration Guide


Installing syslog-ng PE using .pkg installer


The syslog-ng PE application can be installed with user-interaction or in silent mode.

The generic syslog service of the operating system is stopped and deregistered automatically by the installer before installation.

Caution:

Remove any other syslog service before starting the installation. Failing to do so might have unpredictable results.

The syslog-ng PE application is compatible with the standard Solaris logrotate mechanism by default.

Procedure 3.6. Installing syslog-ng PE with user-interaction

Purpose: 

The syslog-ng PE application can be installed in an interactive way.

Steps: 

  1. Unpack the package with the following command:

    gunzip syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg.gz
  2. Run the following command:

    pkgadd -d syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg BBsyslng
  3. Answer the questions with y or n. Besides these, the following commands are available: ? displays the help, q exits the installer. The installer generates a default configuration file for syslog-ng PE based on the answers (if an old configuration file is not used):

    • the path of the license file

    • whether an old configuration file is to be used (if the answer is yes, the rest of the questions will be skipped)

    • if a new configuration file is requested, whether syslog-ng PE will send or receive logs over the network

  4. The installer finishes the installation and replaces the default syslog service with syslog-ng PE.

Procedure 3.7. Installing syslog-ng PE without user-interaction

Purpose: 

The syslog-ng PE application can be installed in silent mode without any user-interaction by specifying the required parameters from the command line. Answers to every question of the installer can be set in advance using command-line parameters.

Steps: 

  1. Generate a response file that contains the answers to the questions.

    pkgask -r <responsefile> -d syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg BBsyslng

    For example:

    pkgask -r response_file -d syslog-ng-premium-edition-4.2.1-solaris10-amd64.pkg BBsyslng

    Caution:

    The pkgask command will fail if the response file already exists.

  2. Run the pkgadd command with the added response file answering y to all questions.

    yes | pkgadd -r <responsefile> -d syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg BBsyslng

    Caution:

    pkgask runs the request script of the package under the current condition of the operating system. The installation might fail if something changes (another syslog-ng PE package has been installed, configuration file has been removed), because the response file's contents will be invalid.
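The two cautions in Procedure 3.7 can be handled together by generating the response file in a fresh private directory and consuming it in the same run. The following wrapper is an added example, not part of the original guide; the function names and the DRY_RUN switch are hypothetical, and it assumes mktemp is available on the host.

```shell
#!/bin/sh
# Added example: silent install that never reuses a response file.
# DRY_RUN=1 (hypothetical switch) prints the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

silent_install() {
    pkg=$1
    [ -f "$pkg" ] || { echo "package not found: $pkg" >&2; return 2; }

    # mktemp -d creates the directory with mode 0700, so no other local
    # user can pre-create or replace the response file inside it.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/syslng.XXXXXX") || return 1
    resp="$workdir/response"    # does not exist yet, so pkgask will not fail on it

    # Generate the answers and use them immediately, so the response file
    # matches the current state of the operating system.
    run pkgask -r "$resp" -d "$pkg" BBsyslng || { rm -rf "$workdir"; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "yes | pkgadd -r $resp -d $pkg BBsyslng"
        st=0
    else
        yes | pkgadd -r "$resp" -d "$pkg" BBsyslng
        st=$?
    fi
    rm -rf "$workdir"           # never leave a stale response file behind
    return $st
}

# Usage (as root): silent_install syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg
```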

Procedure 3.8. Installing syslog-ng PE from a transformed PKG package

Purpose: 

The syslog-ng PE application can be installed from a normal file structure. To perform this, transform the .pkg package.

Steps: 

  1. To transform the .pkg package, execute the following command:

    pkgtrans syslog-ng-premium-edition-<version>-<OS>-<architecture>.pkg <outdirectory>

    In this case, the .pkg package will be extracted to the <outdirectory> directory.

    Example 3.1. Extracting syslog-ng PE from a transformed PKG package

    pkgtrans syslog-ng-premium-edition-4.2.0-solaris-9-sparc.pkg /tmp/out

    This will extract the files to the /tmp/out/BBsyslng directory.


  2. To install syslog-ng PE, execute the following command:

    pkgadd <options> -d <outdirectory> BBsyslng

    In this case, <options> stands for the pkgadd options, for example -r <responsefile>.

Installing syslog-ng without user-interaction on Windows


The syslog-ng Premium Edition application can be installed in silent mode as well, without requiring any user interaction. The various installer options can be specified as command-line options. Using the /S option is required. The following options are available:

/A

Start the syslog-ng PE service (/A=yes) when the installation is finished. The syslog-ng PE service will start only if a valid configuration file is installed as well.

NOTE:

Only one syslog-ng instance can be installed as a service.

/D=<path>

Install syslog-ng PE into the specified folder (%INSTALLDIR%).

Caution:

If you use the /D option, make sure that this is the last option in the command-line. For example: syslog-ng-<version>-setup.exe /S /D=c:\syslog-ng\

/F=<path>

Enter the path to the syslog-ng PE configuration file. The installer will copy the specified configuration file to %INSTALLDIR%\etc\syslog-ng.conf.

Caution:

The syslog-ng PE application will not use the specified file directly, but copy it to %INSTALLDIR%\etc\syslog-ng.conf. To modify the configuration of syslog-ng PE, edit the %INSTALLDIR%\etc\syslog-ng.conf file. By default, syslog-ng PE is installed into the C:\Program Files\syslog-ng directory.

/L=<path>

Enter the path to the license file. The installer will copy the specified license file to %INSTALLDIR%\etc\license.txt.

/M

Add entries about syslog-ng PE to the Start menu.

/P

Only unpack syslog-ng PE into the specified destination folder. If this option is enabled (/P=yes), the installer will ignore other options (except for /D, which specifies the destination folder).

/R

Register the syslog-ng PE service (/R=yes).

/S

Start the installer in silent mode. This option is required for the silent installation.

Upgrading syslog-ng PE


This section describes the possible upgrade paths of syslog-ng PE.

Upgrading from previous syslog-ng PE versions to 6 LTS

Upgrading is supported from the following syslog-ng PE versions:

  • syslog-ng PE 5 LTS (5.0.x)

  • syslog-ng PE 5 F6 (5.6.x)

To upgrade an existing syslog-ng PE installation, see Procedure 3.11, “Upgrading to syslog-ng PE 6 LTS”.

Procedure 3.11. Upgrading to syslog-ng PE 6 LTS

Purpose: 

To upgrade to syslog-ng PE 6 LTS, complete the following steps:

Steps: 

  1. Download the new installer package. Use the same package type as you used for the installation (for example, use the .run package for the upgrade if you have originally installed syslog-ng PE using a .run installer).

  2. Install syslog-ng PE and check the warnings. Upgrade the respective parts of your configuration if needed.

  3. Set the version of the configuration file to 6.0.

Upgrading syslog-ng PE to other package versions

This scenario is not supported and will fail with the following error messages.

Upgrading from platform-specific package to .run

Upgrading from rpm package to .run package. 

Unsupported. Installation stops and the following error message is displayed:

Incompatible syslog-ng package already installed

Upgrading from deb package to .run package. 

Unsupported. Installation stops and the following error message is displayed:

Incompatible syslog-ng package already installed

Upgrading from pkg package to .run package. 

Unsupported. Installation stops and the following error message is displayed:

Incompatible syslog-ng package already installed to <syslog-ng path>

Upgrading from .run to a platform-specific package

This scenario is not supported and will fail with the following error messages. To replace a .run package with a platform-specific package, create a backup of your configuration and persist files, uninstall the .run package using the --purge option, then install the platform-specific package.

Upgrading from .run package to rpm package. 

Unsupported. Installation stops and the following error message is displayed:

Incompatible standalone (.run) installer of syslog-ng Premium Edition

Caution:

Hazard of data loss! Installing the syslog-ng PE rpm package on the AIX platform is possible even if the upgrade conditions are not met, since the rpm package installs before checking the upgrade conditions and therefore no error message is displayed. This might result in overwriting the old configuration file.

Upgrading from .run package to deb package. 

Unsupported. Installation stops and the following error message is displayed:

Errors were encountered while processing

Upgrading from .run package to pkg package. 

Unsupported. Installation stops and the following error message is displayed:

Please remove the conflicting package before installing this package. Installation aborted.
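The replacement path described at the start of this section (back up the configuration and persist files, then uninstall with --purge) can be scripted so that the purge only runs after a verified backup. This is an added example, not part of the original guide; the function names are hypothetical, and PREFIX and the etc/var file layout are assumptions based on the uninstall.sh location and file list given in the uninstall section.

```shell
#!/bin/sh
# Added example: verified backup before purging a .run installation.
# PREFIX is an assumption derived from /opt/syslog-ng/bin/uninstall.sh.
PREFIX=${PREFIX:-/opt/syslog-ng}

# The body runs in a subshell ( ... ) so the umask change does not leak
# into the caller; "exit" here ends the subshell and sets the return code.
backup_state() (
    dest=$1
    umask 077       # the configuration can reference keys and credentials
    mkdir -p "$dest" || exit 1
    for f in etc/syslog-ng.conf var/syslog-ng.persist; do
        [ -f "$PREFIX/$f" ] || { echo "missing: $PREFIX/$f" >&2; exit 3; }
        cp -p "$PREFIX/$f" "$dest/" || exit 1
        # Byte-for-byte comparison of the copy against the original.
        cmp -s "$PREFIX/$f" "$dest/${f##*/}" || exit 4
    done
)

replace_run_install() {
    dest=$1
    # Refuse to purge unless every file was copied and verified.
    backup_state "$dest" || { echo "backup failed, not purging" >&2; return 1; }
    "$PREFIX/bin/uninstall.sh" --purge
}

# Usage (as root): replace_run_install /root/syslog-ng-backup
# Afterwards, install the platform-specific package and restore the files.
```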

Upgrading from syslog-ng PE to syslog-ng OSE

Upgrading from syslog-ng PE to syslog-ng OSE is unsupported since it counts as downgrading.

Upgrading from complete syslog-ng PE to client setup version of syslog-ng PE

The installer displays the following message if you try to upgrade from complete syslog-ng PE to client setup syslog-ng PE with .run package.

This version of syslog-ng Premium Edition doesn't support storing messages in SQL servers, while the installed one did.

Uninstalling syslog-ng PE


If you need to uninstall syslog-ng PE for some reason, you have the following options:

  • If you have installed syslog-ng PE using the .run installer: Execute the uninstall.sh script located at /opt/syslog-ng/bin/uninstall.sh. The uninstall script will automatically restore the syslog daemon used before installing syslog-ng. To completely remove syslog-ng PE, including the configuration files, use the uninstall.sh --purge command.

  • If you have installed syslog-ng PE from a .deb package: Execute the dpkg -r syslog-ng-premium-edition command to remove syslog-ng, or the dpkg -P syslog-ng-premium-edition command to remove syslog-ng PE and the configuration files as well. Note that removing syslog-ng PE does not restore the syslog daemon used before syslog-ng.

  • If you have installed syslog-ng PE from an .rpm package: Execute the rpm -e syslog-ng-premium-edition command to remove syslog-ng PE. Note that removing syslog-ng PE does not restore the syslog daemon used before syslog-ng PE.

  • If you have installed syslog-ng PE from a .pkg package: Execute the pkgrm BBsyslng command to remove syslog-ng PE. Note that removing syslog-ng PE does not restore the syslog daemon used before syslog-ng.

    For automatic uninstall (answering y to all questions): Execute the yes | pkgrm BBsyslng command.

    The following files have to be deleted manually:

    • <syslog-ng path>/etc/syslog-ng.conf

    • <syslog-ng path>/var/syslog-ng.persist

    • <syslog-ng path>/var/syslog-ng-00000.qf

    • anything else under the <syslog-ng path>/var directory

  • On Microsoft Windows, run the uninstall.exe file from the installation directory of syslog-ng PE.

    To uninstall syslog-ng PE without user interaction, use the /S option. By default, the uninstaller does not delete the configuration and license files and the status information (the etc and var folders). To delete every file, use the /C=yes option, which deletes the configuration file as well: uninstall.exe /S /C=yes
