Syslog-NG Installation
The Syslog-NG, or System Log Next-Generation, service is an updated version of the default Syslog service found on FreeBSD and other UNIX and Unix-like systems (a paid-for version exists for Microsoft operating systems). Enhancements include the ability to filter content, various methods of storing information including separate files per device or MySQL databases and, a key feature, TCP transport of events (basic Syslog services typically use UDP).
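The features listed above (content filtering, files per device, a MySQL store and a TCP listener) are all expressed in the syslog-ng configuration file. The following is an added example of a small central-collector syslog-ng.conf; it is not from the original article or from the Syslog-NG project. It uses the syslog-ng 2.x syntax of the FreeBSD 7.0 era, and the listener address 192.0.2.10, the '/svr/log' paths and the column layout of the PHP-Syslog-NG `logs` table are assumptions.

```conf
# Added example (not the article's own configuration): a minimal
# syslog-ng.conf for a FreeBSD central collector. Listener address,
# paths and the MySQL table layout are assumed values.
options {
    chain_hostnames(no);    # keep the sending host's own name, not a chain of relays
    keep_hostname(yes);     # trust the hostname field supplied by remote senders
    use_dns(no);            # no reverse lookups on the collector, so logging never blocks on DNS
    create_dirs(yes);       # let file destinations create per-host directories
};

# Local events from the collector itself
source s_local {
    unix-dgram("/var/run/log");
    internal();
};

# Remote events over TCP, bound to one management address (assumed) rather
# than every interface. Plain TCP carries no encryption or authentication,
# so this listener belongs on a segment restricted to the sending devices.
source s_net {
    tcp(ip(192.0.2.10) port(514) max_connections(100));
};

# Files per device: one directory per sending host, one file per day
destination d_hosts {
    file("/svr/log/hosts/$HOST/$YEAR$MONTH$DAY.log"
         owner(root) group(wheel) perm(0640));
};

# Content filter: only authentication-related events from remote devices
filter f_auth { facility(auth, authpriv); };

destination d_auth {
    file("/svr/log/remote-auth.log" owner(root) group(wheel) perm(0640));
};

# MySQL store for PHP-Syslog-NG, fed through a named pipe (created with
# mkfifo) that a separate loop drains into the database, for example
#   while true; do mysql --defaults-extra-file=/usr/local/etc/syslog-ng.cnf \
#       syslog < /svr/log/mysql.pipe; done
# with the database credentials kept in that file rather than on the command
# line. The column names assume the PHP-Syslog-NG `logs` table layout.
destination d_mysql {
    pipe("/svr/log/mysql.pipe"
         template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n")
         template_escape(yes));   # escape quotes inside $MSG so a log line cannot alter the statement
};

# Wire sources to destinations: everything remote to per-host files,
# authentication events additionally to their own file, and local plus
# remote events to the MySQL pipe for the web front end.
log { source(s_net); destination(d_hosts); };
log { source(s_net); filter(f_auth); destination(d_auth); };
log { source(s_local); source(s_net); destination(d_mysql); };
```

The `template_escape(yes)` line is the piece worth noting: because the MySQL store is built by formatting each event into an INSERT statement, any quote character in a received message would otherwise become part of the SQL. The file permissions (0640, root:wheel) keep collected events readable only by administrators on the collector.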
The source code for Syslog-NG was used to create a commercial product maintained by Balabit under the name Syslog-NG Premium Edition. This is a paid-for-support version of the free Syslog-NG code and revenue from it is used to fund development of the free edition.
Purpose
For further information on the default Syslog service installed on FreeBSD see the main Syslog article. The following is an explanation of the purpose of Syslog-NG specifically.
The purpose of installing and utilising Syslog-NG becomes apparent when you begin to monitor Syslog events from multiple servers (and other network-attached Syslog-capable devices) and require a centralised method of doing so. Furthermore, the ability to easily track, view and manage Syslog events is important. The enhancements made to Syslog-NG provide this functionality.
Examples
There are a number of situations in which upgrading to Syslog-NG is beneficial:
- a data-centre that houses numerous network devices all capable of sending Syslog event notifications;
- a medium-to-large organisation that has a wide-spread presence in different locations;
- fault detection of unmanned systems;
- other Syslog-capable devices that may not have simplified means to view events.
They all run along similar lines and many medium and larger organisations may benefit from utilising Syslog-NG somewhere on the corporate network.
Installation
The following is a guide to installing (or upgrading to) Syslog-NG on FreeBSD. The particular release of FreeBSD should not matter too much. For reference, the following was undertaken by the author on an HP ML570 G2 server using FreeBSD 7.0.
The installation will incorporate a web-based utility called PHP-Syslog-NG, a set of PHP-based scripts for use within Apache to enable browser access to the Syslog-NG stored events. This further requires MySQL to be installed and configured as the Syslog event store.
Pre-requisites
For guidance on installing FreeBSD review this article. If using MySQL, it is highly recommended to allocate either a larger than normal '/var' volume or to create a separate volume in which to store the MySQL database, for example a secondary drive allocated as '/svr'.
This installation guide will require the following ports to be installed:
- Apache - this is only required if utilising the PHP-Syslog-NG web-based utility;
- MySQL - this is optional for normal Syslog-NG use but required for PHP-Syslog-NG;
- PHP - this is not required for normal Syslog-NG use but required for PHP-Syslog-NG;
- Syslog-NG - the updated Syslog service.
Notes
For reference the author selected Apache 2.2, MySQL 5.x and PHP 5.x and assigned a second (RAID5) drive entirely to an '/svr' volume (all regular FreeBSD volumes were allocated on the first (RAID1) drive).
If utilising the PHP-Syslog-NG web-based utility, ensure that the MySQL dependency is selected on the options page of the Apache and PHP ports. The options page is displayed when running make from the ports system.