Last week I wrote about a campaign that we started to resolve issues on GitHub. Some of the fixes are coming from our enthusiastic community. Thanks to this, there is a new syslog-ng-devel port in MacPorts, where you can enable almost all syslog-ng features even for older MacOS versions and PowerPC hardware. Some of the freshly enabled modules include support for Kafka, GeoIP or OpenTelemetry.
From this blog entry, you can learn how to install a legacy or an up-to-date syslog-ng version from MacPorts.
Before you begin
If you are reading this blog, most likely you already have MacPorts installed on your machine. If not, follow the instructions from https://www.macports.org/install.php on how to install MacPorts for your operating system.
Installing syslog-ng 3.38
MacPorts has an old version of syslog-ng already included. It works, but it has some problems, and it also lacks many of the available features of syslog-ng.
Installation is simple:
czanik@Peters-MacBook-Pro ~ % sudo port install syslog-ng ---> Computing dependencies for syslog-ng The following dependencies will be installed: bzip2 expat gettext-runtime glib2 json-c libedit libelf libffi libiconv libnet ncurses openssl openssl3 pcre pcre2 py312-packaging python312 python3_select python3_select-312 python_select python_select-312 sqlite3 xz zlib Continue? [Y/n]: y ---> Fetching archive for json-c […] ---> Attempting to fetch syslog-ng-3.38.1_0.darwin_22.x86_64.tbz2.rmd160 from https://packages.macports.org/syslog-ng ---> Installing syslog-ng @3.38.1_0 ---> Activating syslog-ng @3.38.1_0 ---> Cleaning syslog-ng ---> Updating database of binaries ---> Scanning binaries for linking errors ---> No broken files found. ---> No broken ports found. ---> Some of the ports you installed have notes: python312 has the following notes: To make this the default Python or Python 3 (i.e., the version run by the 'python' or 'python3' commands), run one or both of: sudo port select --set python python312 sudo port select --set python3 python312 syslog-ng has the following notes: To use syslog-ng, first unload OS X's built-in syslog daemon: sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.syslogd.plist Then customize /opt/local/etc/syslog-ng.conf, and load syslog-ng. A startup item has been generated that will aid in starting syslog-ng with launchd. It is disabled by default. Execute the following command to start it, and to cause it to launch at startup: sudo port load syslog-ng czanik@Peters-MacBook-Pro ~ %
It works, it is rock solid. However, it is old and misses many of the new and optional features:
root@Peters-MacBook-Pro ~ # /opt/local/sbin/syslog-ng -V syslog-ng 3 (3.38.1) Config version: 3.35 Installer-Version: 3.38.1 Revision: Module-Directory: /opt/local/lib/syslog-ng Module-Path: /opt/local/lib/syslog-ng Include-Path: /opt/local/share/syslog-ng/include Available-Modules: timestamp,kvformat,appmodel,afprog,examples,rate-limit-filter,cef,map-value-pairs,stardate,system-source,confgen,afuser,xml,disk-buffer,tfgetent,linux-kmsg-format,dbparser,json-plugin,add-contextual-data,pseudofile,affile,csvparser,basicfuncs,syslogformat,hook-commands,graphite,tags-parser,afstomp,secure-logging,afsocket,cryptofuncs,azure-auth-header,regexp-parser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: off Enable-Linux-Caps: off Enable-Systemd: off
Installing syslog-ng-devel
The syslog-ng-devel port is built upon a recent syslog-ng git snapshot. As syslog-ng is developed in a way that you should be able to create a stable release anytime, it is not a problem.
In this case, the same command that I used to install syslog-ng 3.38 from a binary package will first install the necessary dependencies from packages, then build syslog-ng locally.
czanik@Peters-MacBook-Pro ~ % sudo port install syslog-ng-devel
---> Computing dependencies for syslog-ng-devel
The following dependencies will be installed:
bison
bison-runtime
brotli
cmake
curl
curl-ca-bundle
cyrus-sasl2
flex
gettext
gettext-tools-libs
gperf
hiredis
icu
ivykis
kerberos5
libarchive
libb2
libbson
libcomerr
libcxx
libdbi
libesmtp
libidn2
libmaxminddb
libpsl
librdkafka
libtextstyle
libunistring
libxml2
lmdb
lz4
lzo2
m4
mongo-c-driver
nghttp2
paho.mqtt.c
pkgconfig
popt
rabbitmq-c
snappy
tcp_wrappers
zstd
Continue? [Y/n]:
---> Fetching archive for gperf
[…]
---> Fetching archive for syslog-ng-devel
---> Attempting to fetch syslog-ng-devel-2024.09.17_0+osl.darwin_22.x86_64.tbz2 from https://packages.macports.org/syslog-ng-devel
---> Attempting to fetch syslog-ng-devel-2024.09.17_0+osl.darwin_22.x86_64.tbz2 from https://vie.at.packages.macports.org/syslog-ng-devel
---> Attempting to fetch syslog-ng-devel-2024.09.17_0+osl.darwin_22.x86_64.tbz2 from https://fra.de.packages.macports.org/syslog-ng-devel
---> Fetching distfiles for syslog-ng-devel
---> Verifying checksums for syslog-ng-devel
---> Extracting syslog-ng-devel
---> Applying patches to syslog-ng-devel
---> Configuring syslog-ng-devel
---> Building syslog-ng-devel
---> Staging syslog-ng-devel into destroot
---> Installing syslog-ng-devel @2024.09.17_0+osl
---> Activating syslog-ng-devel @2024.09.17_0+osl
---> Cleaning syslog-ng-devel
---> Updating database of binaries
---> Scanning binaries for linking errors
---> No broken files found.
---> No broken ports found.
---> Some of the ports you installed have notes:
cmake has the following notes:
The CMake GUI and Docs are now provided as subports 'cmake-gui' and 'cmake-docs', respectively.
libpsl has the following notes:
libpsl API documentation is provided by the libpsl-docs port.
syslog-ng-devel has the following notes:
To use syslog-ng, first unload OS X's built-in syslog daemon:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.syslogd.plist
Then customize /opt/local/etc/syslog-ng.conf,
and
sudo load syslog-ng
A startup item has been generated that will aid in starting syslog-ng-devel with launchd. It is disabled by default. Execute the following command to start it, and to cause it to launch at startup:
sudo port load syslog-ng-devel
czanik@Peters-MacBook-Pro ~ %
Based on the output my suspicion is that pre-built packages might be available soon.
You might have noticed that installing syslog-ng-devel pulled in a lot of dependencies. The reason is simple: after the fixes received from the MacPorts community and from our developers, a lot more features compile now with older compiler versions and on older operating system versions.
Compared to the old package, these are some the additional modules available:
czanik@Peters-MacBook-Pro ~ % sudo /opt/local/sbin/syslog-ng -V
Password:
syslog-ng 4.8.0.157.gd68f5a5.dirty
Config version: 4.2
Installer-Version: 4.8.0.157.gd68f5a5.dirty
Revision: 4.8.0.157.gd68f5a5.dirty
Module-Directory: /opt/local/lib/syslog-ng
Module-Path: /opt/local/lib/syslog-ng
Include-Path: /opt/local/share/syslog-ng/include
Available-Modules: timestamp,darwinosl,kvformat,redis,afamqp,appmodel,afprog,metrics-probe,cef,map_value_pairs,kafka,stardate,system-source,confgen,afuser,xml,disk-buffer,tfgetent,linux-kmsg-format,cloud_auth,correlation,json-plugin,pseudofile,affile,afsmtp,csvparser,basicfuncs,syslogformat,hook-commands,mqtt,afmongodb,graphite,tags-parser,geoip2-plugin,afstomp,http,secure-logging,afsql,mod-python,afsocket,add_contextual_data,cryptofuncs,azure-auth-header,regexp-parser,rate_limit_filter
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
Enable-Systemd: off
If you want even more modules, you can use “variants” to enable support for grpc-based modules and a native MacOS source:
czanik@Peters-MacBook-Pro ~ % sudo port variants syslog-ng-devel syslog-ng-devel has the variants: debug: Enable debug binaries grpc: Enable GRPC modules [+]osl: Enable support for OSLog universal: Build for multiple architectures czanik@Peters-MacBook-Pro ~ % sudo port install syslog-ng-devel +grpc ---> Computing dependencies for syslog-ng-devel The following dependencies will be installed: abseil c-ares grpc lbzip2 libuv protobuf3-cpp re2 Continue? [Y/n]: ---> Fetching archive for abseil […]
If you check the modules again, you will see even more available:
czanik@Peters-MacBook-Pro ~ % sudo /opt/local/sbin/syslog-ng -V
Password:
syslog-ng 4.8.0.157.gd68f5a5.dirty
Config version: 4.2
Installer-Version: 4.8.0.157.gd68f5a5.dirty
Revision: 4.8.0.157.gd68f5a5.dirty
Module-Directory: /opt/local/lib/syslog-ng
Module-Path: /opt/local/lib/syslog-ng
Include-Path: /opt/local/share/syslog-ng/include
Available-Modules: bigquery,timestamp,darwinosl,kvformat,redis,afamqp,appmodel,afprog,loki,metrics-probe,cef,map_value_pairs,otel,kafka,stardate,system-source,confgen,afuser,xml,disk-buffer,tfgetent,linux-kmsg-format,cloud_auth,correlation,json-plugin,pseudofile,affile,afsmtp,csvparser,basicfuncs,syslogformat,hook-commands,mqtt,afmongodb,graphite,tags-parser,geoip2-plugin,afstomp,http,secure-logging,afsql,mod-python,afsocket,add_contextual_data,cryptofuncs,azure-auth-header,regexp-parser,rate_limit_filter
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
Enable-Systemd: off
What is next?
I would like to thank the involved MacPorts developers and my colleagues for making this huge step forward happen.
I would also like to ask for your feedback. Please share your experience with the syslog-ng-devel portand not only if you run into a problem, but also if it works for you as expected.
-
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.