Install syslog-ng to replace rsyslog in CentOS

The EPEL project (Extra Packages for Enterprise Linux) provides Red Hat Enterprise Linux and derivatives with additional high-quality packages. Syslog-ng has been available for EPEL5 for a long time and has now also been added to EPEL6, which provides packages for RHEL6. CentOS is gaining a strong presence in web serving, as almost one third of web servers are now running on this OS ( http://blogs.computerworld.com/16596/the_most_popular_web_server_linux_is ). CentOS 6 should be released any day now. Scientific Linux ( http://www.scientificlinux.org/ ) is developed at CERN and used worldwide by the research and higher education community. Version 6 of SL is already available.

EPEL6 has syslog-ng version 3.1, which is not the latest, but has support for most of the patterndb ( http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/features/pattern_db ) features, except for correlation. It also lacks built-in secure transport (SSL) and database (libdbi) support.

Installing syslog-ng from EPEL is easy (thanks to JPO for the instructions and the package):

  • add the EPEL repository using the information at http://fedoraproject.org/wiki/EPEL
  • yum install --enablerepo=epel syslog-ng
  • chkconfig rsyslog off; chkconfig syslog-ng on
  • service rsyslog stop; service syslog-ng start

Done. You can now see that there is no heavy rsyslog process on your CentOS server any more 🙂
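Swapping the system logger is a point where a host can silently end up with no logging, or with two daemons competing for /dev/log after the next reboot. The script below is an added example, not part of the original instructions: it checks `chkconfig --list` output to confirm that rsyslog is off in every runlevel and syslog-ng is on in at least one. The function names, the sample listings and the `live` argument are assumptions made for this example, as is /var/log/messages being the destination for the test message.

```shell
#!/bin/sh
# Added example: verify the rsyslog -> syslog-ng switch from `chkconfig --list` output.

# Print the runlevels in which service $1 is "on"; reads chkconfig text on stdin.
enabled_runlevels() {
    awk -v svc="$1" '
        $1 == svc {
            out = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") out = out kv[1]
            }
            print out
        }'
}

# Succeed only if rsyslog is off everywhere and syslog-ng is on somewhere.
# $1 = text of `chkconfig --list`. A missing syslog-ng line counts as failure.
check_switch() {
    old=$(printf '%s\n' "$1" | enabled_runlevels rsyslog)
    new=$(printf '%s\n' "$1" | enabled_runlevels syslog-ng)
    [ -z "$old" ] && [ -n "$new" ]
}

# Constructed sample listings (not captured from a real host).
SAMPLE_OK='rsyslog    0:off 1:off 2:off 3:off 4:off 5:off 6:off
syslog-ng  0:off 1:off 2:on 3:on 4:on 5:on 6:off'
SAMPLE_BOTH='rsyslog    0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog-ng  0:off 1:off 2:on 3:on 4:on 5:on 6:off'

# Live mode: run as `sh check.sh live` on the server itself.
if [ "${1:-}" = "live" ]; then
    if check_switch "$(chkconfig --list 2>/dev/null)"; then
        echo "boot config OK: only syslog-ng is enabled"
    else
        echo "boot config WRONG: re-check the chkconfig step" >&2
        exit 1
    fi
    # Send a uniquely tagged message and confirm it reaches the log file.
    tag="syslog-ng-check-$$"
    logger -t "$tag" "test message after logger switch"
    sleep 1
    grep -q "$tag" /var/log/messages || { echo "test message not logged" >&2; exit 1; }
    echo "delivery OK"
fi
```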
