CentOS - Nov 2010 - rsyslog as default syslog daemon?

Hi all!

Is anybody here using rsyslog? I am looking for the right solution how 
to use rsyslog in CentOS 5 as the default logging daemon. We use it 
because of filtering using regular expressions.

I switched from sysklogd to rsyslog simply using

chkconfig --del syslog
chkconfig --add rsyslog
chkconfig rsyslog on
service syslog stop
service rsyslog start

but this seems not to be "bullet-proof" solution - when yum
automaticaly
install updates, sysklogd rpm package runs postinstall scriptlet which 
unfortunately returns sysklogd back to game (and breaks logging based on 
regex).

# rpm -q --scripts sysklogd
postinstall scriptlet (using /bin/sh):
if [ "$1" -ge 1 ]; then
    /sbin/chkconfig --add syslog				<<HERE
    for n in /var/log/{messages,secure,maillog,spooler}
    do
         [ -f $n ] && continue
         touch $n
         chmod 600 $n
    done
    /sbin/service syslog condrestart > /dev/null 2>&1
fi
exit 0
...


# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off



Meanwhile, automatic update of rsyslog package results (thanks to 
postinstall scriptlet) into disabled rsyslog :-/ ...

# rpm -q --scripts rsyslog
postinstall scriptlet (using /bin/sh):
/sbin/chkconfig --add rsyslog				<<HERE
for n in /var/log/{messages,secure,maillog,spooler}
do
         [ -f $n ] && continue
         umask 066 && touch $n
done
...

# chkconfig --list rsyslog
rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off



- uninstalling sysklogd package will not solve the problem of disabling 
rsyslog after yum update. Or should I uninstall it and simply change '# 
chkconfig:' part of rsyslog rc script?

- I don't want to disable automatic updates of sysklogd and rsyslog 
packages using /etc/yum.conf:exclude=... bacause of security reasons.

- I think about using 'alternatives', but I am not sure if it is the 
appropriate solution.

- should I report to Red Hat's bugzilla?



Maybe I overlooked something in documentation.

Thank you for any advice and patience.


Andrej

Andrej Moravcik wrote:
> Hi all!
> 
> Is anybody here using rsyslog? I am looking for the right solution how 
> to use rsyslog in CentOS 5 as the default logging daemon. We use it 
> because of filtering using regular expressions.
> 
> I switched from sysklogd to rsyslog simply using
> 
> chkconfig --del syslog
> chkconfig --add rsyslog
> chkconfig rsyslog on
> service syslog stop
> service rsyslog start
> 
> but this seems not to be "bullet-proof" solution - when yum
automaticaly
> install updates, sysklogd rpm package runs postinstall scriptlet which 
> unfortunately returns sysklogd back to game (and breaks logging based on 
> regex).
I think your problem is that you did 'chkconfig --del syslog' - as the 
man page states:

--del name
        The  service  is removed from chkconfig management, and any sym-
        bolic links in /etc/rc[0-6].d which pertain to it are removed.

        Note that future package installs for this service may run  chk-
        config  --add,  which  will re-add such links. To disable a ser-
        vice, run chkconfig name off.

I believe you should have done 'chkconfig syslog off' instead.

We use rsyslog instead of sysklogd and don't get this problem.

James Pearson