AWG Blogs

Sunday, June 12, 2011

Install syslog-ng 3.3 on CentOS 5.5

Download syslog-ng_3.3.0beta1.tar.gz or syslog-ng_3.3.0beta2.tar.gz from Balabit and unpack it.
To get the latest source, install git.
First update the repo to obtain EPEL:
rpm -Uvh
then yum install git
or download the snapshot from;a=tree
and untar over the above.

Your system may be missing some prerequisites.

Download and install these RPMs:

rpm -Uvh kernel-headers-2.6.18-238.el5.i386.rpm
rpm -Uvh glibc-headers-2.5-58.i386.rpm
rpm -Uvh glibc-devel-2.5-58.i386.rpm
rpm -Uvh gcc-4.1.2-50.el5.i386.rpm
rpm -Uvh zlib-1.2.3-4.el5.i386.rpm
rpm -ivh zlib-devel-1.2.3-4.el5.i386.rpm
rpm -Uvh libffi-3.0.5-1.el5.kb.i386.rpm
rpm -Uvh libffi-devel-3.0.5-1.el5.kb.i386.rpm

Then install glib:
tar jxvf glib-2.29.4.tar.bz2
cd glib-2.29.4
./configure
make install
That completes the glib prerequisite.

Before installing syslog-ng 3.3 beta, run
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
so that eventlog is found.

Also run yum install openssl-devel

rpm -Uvh e2fsprogs-devel-1.39-23.el5_5.1.i386.rpm
rpm -Uvh keyutils-libs-devel-1.2-1.el5.i386.rpm
rpm -Uvh libselinux-devel-1.33.4-5.7.el5.i386.rpm
rpm -Uvh libsepol-devel-1.15.2-3.el5.i386.rpm
rpm -Uvh libselinux-devel-1.33.4-5.7.el5.i386.rpm
rpm -Uvh krb5-devel-1.6.1-55.el5.i386.rpm
rpm -Uvh openssl-devel-0.9.8e-12.el5_5.7.i386.rpm

cd eventlog-0.2.12/
./configure
make install
Then enter the syslog-ng directory and run:
./configure --enable-pcre --disable-mongodb --disable-ipv6
make install
Note: to build with PCRE enabled, first run yum install pcre-devel.
After that, some more setup:
mkdir /usr/local/var
cd /root/syslog-ng/syslog-ng-3.3.0beta1/contrib/
cp rhel-packaging/syslog-ng.init /etc/init.d/syslog-ng
cp rhel-packaging/syslog-ng.conf /usr/local/etc/
cp rhel-packaging/syslog-ng.logrotate /etc/logrotate.d/syslog-ng
chmod 755 /etc/init.d/syslog-ng
vi /etc/init.d/syslog-ng
Then change the binary path to "/usr/local/sbin/syslog-ng".
Then start the service:
chkconfig syslog off (or chkconfig rsyslog off, as applicable)

chkconfig syslog-ng on

service syslog stop

service syslog-ng start

Then edit /usr/local/etc/syslog-ng.conf:
add options { threaded(yes); }; at the top, along with any other configuration you need.

service syslog-ng restart
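
A preflight check for the build prerequisites above, as an added example that is not part of the original post: it reports which development headers and pkg-config modules are still missing before ./configure is run for glib or syslog-ng. The PREFIX and INCLUDE_DIRS defaults and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for the source builds described in this post.
# PREFIX and INCLUDE_DIRS are assumptions; override them for your layout.
PREFIX="${PREFIX:-/usr/local}"
INCLUDE_DIRS="${INCLUDE_DIRS:-/usr/include $PREFIX/include}"

# find_header NAME: print the first include dir that contains NAME.
find_header() {
    for dir in $INCLUDE_DIRS; do
        if [ -f "$dir/$1" ]; then
            echo "$dir"
            return 0
        fi
    done
    return 1
}

# missing_headers: print every required header that no include dir provides.
# zlib.h comes from zlib-devel, openssl/ssl.h from openssl-devel, and
# pcre.h from pcre-devel (needed because of --enable-pcre).
missing_headers() {
    for h in zlib.h openssl/ssl.h pcre.h; do
        find_header "$h" >/dev/null || echo "$h"
    done
}

# missing_pc_modules: print every pkg-config module that does not resolve
# with $PREFIX/lib/pkgconfig prepended, mirroring the export in the post.
# A missing pkg-config binary is reported as every module missing.
missing_pc_modules() {
    for m in glib-2.0 eventlog; do
        PKG_CONFIG_PATH="$PREFIX/lib/pkgconfig:${PKG_CONFIG_PATH:-}" \
            pkg-config --exists "$m" 2>/dev/null || echo "$m"
    done
}

# preflight: succeed only when nothing is missing; details go to stderr.
preflight() {
    hdrs=$(missing_headers)
    mods=$(missing_pc_modules)
    [ -z "$hdrs" ] || echo "missing headers:" $hdrs >&2
    [ -z "$mods" ] || echo "pkg-config cannot resolve:" $mods >&2
    [ -z "$hdrs" ] && [ -z "$mods" ]
}

# Run the check only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; exit $?; fi
```

Header presence is a quick signal only; configure still runs its own compile and link tests.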


  1. I followed your tutorial, but stopped at

    cd glib-2.29.4

    configure: error: *** Working zlib library and headers not found ***
    [root@localhost glib-2.29.4]#