Integrating syslog-ng on Solaris 10
Hi On Solaris machine the legacy logging is done by SMF system-log. And there are many Solaris SMF which depends on system-log SMF. If I want to integrate syslog-ng to Solaris box , should I disable system-log SMF ? But disabling "system-log" will cause few legacy SMF to go down. I can't have system-log SMF and syslog-ng enabled at the same time since it would result in logging twice. Can any one suggest alternative approach for integrating syslog-ng to Solaris box. Regards Pramod
Can you make system-log collect the things it should collect, then relay to syslog-ng? Meanwhile, you can tweak syslog-ng's config to make sure it doesn't open any of the files or sockets that you see that system-log has claimed when it's running using pfiles or such commands. Matthew. On Sun, May 01, 2011 at 01:17:06PM +0530, Pramod Pillai wrote:
Hi
On Solaris machine the legacy logging is done by SMF system-log. And there are many Solaris SMF which depends on system-log SMF. If I want to integrate syslog-ng to Solaris box , should I disable system-log SMF ? But disabling "system-log" will cause few legacy SMF to go down. I can't have system-log SMF and syslog-ng enabled at the same time since it would result in logging twice.
Can any one suggest alternative approach for integrating syslog-ng to Solaris box.
Regards Pramod
An alternative would be updating /etc/init.d/syslog to start syslog-ng instead of syslogd.. From /lib/svc/share/smf_include.sh one can load useful functions and exit codes to be SMF-compliant. On Mon, May 2, 2011 at 8:15 AM, Matthew Hall <mhall@mhcomputing.net> wrote:
Can you make system-log collect the things it should collect, then relay to syslog-ng?
Meanwhile, you can tweak syslog-ng's config to make sure it doesn't open any of the files or sockets that you see that system-log has claimed when it's running using pfiles or such commands.
Matthew.
On Sun, May 01, 2011 at 01:17:06PM +0530, Pramod Pillai wrote:
Hi
On Solaris machine the legacy logging is done by SMF system-log. And there are many Solaris SMF which depends on system-log SMF. If I want to integrate syslog-ng to Solaris box , should I disable system-log SMF ? But disabling "system-log" will cause few legacy SMF to go down. I can't have system-log SMF and syslog-ng enabled at the same time since it would result in logging twice.
Can any one suggest alternative approach for integrating syslog-ng to Solaris box.
Regards Pramod
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
On Mon, May 02, 2011 at 12:04:44PM +0200, Sandor Geller wrote:
An alternative would be updating /etc/init.d/syslog to start syslog-ng instead of syslogd.. From /lib/svc/share/smf_include.sh one can load useful functions and exit codes to be SMF-compliant.
That's exactly what I did - I installed syslog-ng from sunfreeware.com and then reconfigured system-log using "svcadm" with the XML file shown below. This starts syslog-ng with the method supplied in the sunfreeware.com package. -- Ed --------------------------- syslog-ng.xml <?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type='manifest' name='system-log'> <!-- Steal the FMRI of the regular syslogd, so that things which depend on "system-log" running (like rarp) do not automatically get turned off by Solaris. --> <service name='system/system-log' type='service' version='1'> <create_default_instance enabled='false' /> <single_instance/> <dependency name='milestone' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/milestone/sysconfig' /> </dependency> <!-- syslog-ng can log to non-root local directories. --> <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/system/filesystem/local' /> </dependency> <!-- syslog-ng needs nameservice resolution to log to remote hosts. --> <dependency name='name-services' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/milestone/name-services' /> </dependency> <dependent name='system-log_single-user' timeout_seconds='60' /> <property_group name='general' type='framework'> <!-- to start stop syslog daemon --> <propval name='action_authorization' type='astring' value='solaris.smf.manage.system-log' /> </property_group> <stability value='Unstable' /> <template> <common_name> <loctext xml:lang='C'> syslog-ng </loctext> </common_name> <documentation> <manpage title='syslog-ng' section='1M' manpath='/usr/local/share/man' /> </documentation> </template> </service> </service_bundle>
-----BEGIN PGP SIGNED MESSAGE----- On May 1, 2011, at 3:47 AM, Pramod Pillai wrote:
On Solaris machine the legacy logging is done by SMF system-log. And there are many Solaris SMF which depends on system-log SMF.
Solaris SMF knows the concept of instances, i.e. you can configure multiple instances of an SMF object like system-log. What I did in my case I grabbed a copy of the default manifest of system-log and added another instance block right at the end of the default instance: <instance name='syslog-ng' enabled='false'> <exec_method type='method' name='start' exec='/usr/local/etc/svc/method/syslog-ng %m' timeout_seconds='600'> <method_context> <method_credential user='root' /> </method_context> </exec_method> <exec_method type='method' name='stop' exec='/usr/local/etc/svc/method/syslog-ng %m' timeout_seconds='60'> <method_context> <method_credential user='root' /> </method_context> </exec_method> <exec_method type='method' name='restart' exec='/usr/local/etc/svc/method/syslog-ng %m' timeout_seconds='60'> <method_context> <method_credential user='root' /> </method_context> </exec_method> <template> <common_name> <loctext xml:lang='C'> system log ng </loctext> </common_name> <documentation> <manpage title='syslog-ng' section='8' manpath='/usr/local/man' /> </documentation> </template> </instance> Once you delete the default manifest and import the modified manifest by using svccfg you will have two instances of system-log: $ svcs system-log STATE STIME FMRI disabled Nov_11 svc:/system/system-log:default online Nov_11 svc:/system/system-log:syslog-ng That will satisfy all the dependencies other services and milestones my have. - - Michael -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.0.3 (Build 1) Charset: us-ascii wsBVAwUBTcAO/JbfnpCg64TVAQF1jwf/TZC1U3F/IciG78fljEUv+XYqDP2AVHrg BKW3jVfKGjzBmYbXFdjT9Edxoo+jDwvinkyAE3+hLoasOwYKc9h17ZIddbDIS5q4 2hKIHfaVMV2cD0urDTnCscFOiEp4prV0bCoGyQzo+Jv/p9e+AxSaAb6UBWgi/hDi n3RLbqcCdOClG3pHUWfI2641YR+iKGsvrXcRUbABzSX4Ag1umJirdPV6WV9mxAK6 cRnOMtdba+wBhyZAVl6bZvDwx52UffzWai4X5yxOsGX2jOGqA+j7ARXU0fdgnnXl x85Jz8vvw1v1jrPFKXJ3yb692Gyzly46VbKSEsIXJJLg7Vs+PMiv5Q== =xgWz -----END PGP SIGNATURE-----
participants (5)
-
Ed Ravin
-
Matthew Hall
-
Michael Hocke
-
Pramod Pillai
-
Sandor Geller