3.3.2. Procedure – Installing syslog-ng PE in server mode The syslog-ng Premium Edition 7 Administrator Guide
Complete the following steps to install syslog-ng PE on log servers. For details on the different operation modes of syslog-ng PE, see Section 2.3, Modes of operation.
The native logrotation tools do not send a SIGHUP to syslog-ng after rotating the log files, causing syslog-ng to write into files already rotated. To solve this problem, the syslog-ng init script links the
Login to your MyBalabit account and download the syslog-ng PE installer package and your syslog-ng Premium Edition license file (
license.txt). The license will be required to run syslog-ng PE in server mode (see Section 2.3.3, Server mode) and is needed when you are installing syslog-ng PE on your central log server.
Enable the executable attribute for the installer using the chmod +x syslog-ng-<edition>-<version>-<OS>-<platform>.run, then start the installer as root using the ./syslog-ng-<edition>-<version>-<OS>-<platform>.run command. (Note that the exact name of the file depends on the operating system and platform.) Wait until the package is uncompressed and the welcome screen appears, then select .
Accepting the EULA: You can install syslog-ng PE only if you understand and accept the terms of the End-User License Agreement (EULA). The full text of the EULA can be displayed during installation by selecting the option, and is also available in this guide for convenience at Appendix B, END USER LICENSE AGREEMENT FOR BALABIT PRODUCT (EULA). Select to accept the EULA and continue the installation.
If you do not accept the terms of the EULA for some reason, select syslog-ng PE.to cancel installing
Detecting platform and operating system: The installer attempts to automatically detect your oprating system and platform. If the displayed information is correct, select . Otherwise select to abort the installation, and verify that your platform is supported. For a list of supported platforms, see Section 1.6, Supported platforms. If your platform is supported but not detected correctly, contact your local distributor, reseller, or the BalaBit Support Team. For contact details, see Section 5, Contact and support information.
Installation path: Enter the path to install syslog-ng PE to. This is useful if you intend to install syslog-ng PE without registering it as a service, or if it cannot be installed to the default location because of policy compliance reasons. If no path is given, syslog-ng PE is installed to the default folder.
Registering as syslog service: Select to register syslog-ng PE as the syslog service. This will stop and disable the default syslog service of the system.
Locating the license: Enter the path to your license file (
license.txt) and select . Typically this is required only for your central log server.
If you are upgrading an existing configuration that already has a license file, the installer automatically detects it.
Upgrading: The syslog-ng PE installer can automatically detect if you have previously installed a version of syslog-ng PE on your system. To use the configuration file of this previous installation, select . To ignore the old configuration file and create a new one, select .
Note that if you decide to use your existing configuration file, the installer automatically checks it for syntax error and displays a list of warnings and errors if it finds any problems.
Generating a new configuration file: The installer displays some questions to generate a new configuration file.
Remote sources: Select to accept log messages from the network. TCP, UDP, and SYSLOG messages on every interface will be automatically accepted.
Remote destinations: Enter the IP address or hostname of your log server or relay and select .
Accepting remote messages and forwarding them to a log server means that syslog-ng PE will start in relay mode.
After the installation is finished, add the
/opt/syslog-ng/sbindirectories to your search PATH environment variable. That way you can use syslog-ng PE and its related tools without having to specify the full pathname. Add the following line to your shell profile:
Optional step for SELinux-enabled systems: Complete Procedure 3.5, Using syslog-ng PE on SELinux.