Compiling syslog-ng 3.01 on CentOS 5.2
Hi -- Just thought this might be useful to someone who is compiling on CentOS. There were a few minor issues that came up, but otherwise it went pretty smoothly. Documentation says to use this -- PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH However, using that I ended up with a colon at the end, which didn't work, and which I didn't catch immediately... PKG_CONFIG_PATH=/usr/local/lib/pkgconfig: Also, I needed to export -- export PKG_CONFIG_PATH Maybe it could be export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig I did have to install newer versions of libdbi and libdbi-drivers, from http://libdbi.sourceforge.net/ For libdbi-drivers, remember to specify which ones you want during configuration: ./configure --with-pgqsl After that, this worked: LIBDBI_CFLAGS=-I/usr/local/include LIBDBI_LIBS="-L/usr/local/lib -ldbi" ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper --enable-sql --enable-dynamic-linking (Make sure to link with libs/dirs for my newly installed libdbi which were in /usr/local/include and /usr/local/lib, not the system default ones if they were already installed.) Note that this installs the executables in the default location, which is /usr/local, but looks for the configuration file in the standard place, /etc/syslog-ng/. I adjusted the /etc/init.d/syslog-ng file so it would use the executable in /usr/local/sbin: exec="/usr/local/sbin/syslog-ng" Also, I needed to run ldconfig so that syslog-ng would find libevtlog.so.0 in /usr/local/lib. At that point, I was able to start using the previous (v. 1.6) configuration file, albeit with warnings. This is a Linux system, and initially I added --enable-linux-caps to the configure line, although I wasn't sure what that would do. I got an error and so, removed it. What exactly are linux-caps? Should I go back and try to re-compile with that option? Liam -- Liam Kirsher PGP: http://liam.numenet.com/pgp/
On Fri, 2009-02-13 at 13:52 -0800, Liam Kirsher wrote:
Hi --
Just thought this might be useful to someone who is compiling on CentOS. There were a few minor issues that came up, but otherwise it went pretty smoothly.
Documentation says to use this -- PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH However, using that I ended up with a colon at the end, which didn't work, and which I didn't catch immediately... PKG_CONFIG_PATH=/usr/local/lib/pkgconfig: Also, I needed to export -- export PKG_CONFIG_PATH Maybe it could be export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig
I did have to install newer versions of libdbi and libdbi-drivers, from http://libdbi.sourceforge.net/ For libdbi-drivers, remember to specify which ones you want during configuration: ./configure --with-pgqsl
After that, this worked: LIBDBI_CFLAGS=-I/usr/local/include LIBDBI_LIBS="-L/usr/local/lib -ldbi" ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper --enable-sql --enable-dynamic-linking (Make sure to link with libs/dirs for my newly installed libdbi which were in /usr/local/include and /usr/local/lib, not the system default ones if they were already installed.)
Note that this installs the executables in the default location, which is /usr/local, but looks for the configuration file in the standard place, /etc/syslog-ng/. I adjusted the /etc/init.d/syslog-ng file so it would use the executable in /usr/local/sbin: exec="/usr/local/sbin/syslog-ng"
Also, I needed to run ldconfig so that syslog-ng would find libevtlog.so.0 in /usr/local/lib.
At that point, I was able to start using the previous (v. 1.6) configuration file, albeit with warnings.
This is a Linux system, and initially I added --enable-linux-caps to the configure line, although I wasn't sure what that would do. I got an error and so, removed it. What exactly are linux-caps? Should I go back and try to re-compile with that option?
This enables support for Linux capabilities. It is a means to restrict 'root' privileges to the minimum subset. Here is a list of articles that seem to be explaining what it is after performing a quick google search: http://www.linuxjournal.com/article/5737 http://linux.die.net/man/7/capabilities The point is that syslog-ng drops all unnecessary capabilities during its operation. And the ones it keeps are not in effect during normal operation, they are enabled when it strictly needs them. A further step in securing syslog-ng is to use a non-root user, with capability support it is possible to initialize the configuration that requires root-level access, even with using syslog-ng as non-root. However --user/--group option is currently broken in 3.0.1, but already fixed in the git repository. -- Bazsi
participants (2)
-
Balazs Scheidler
-
Liam Kirsher