From 6d8ebae225ad55a175b2266f531e0ddba50da706 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 8 Aug 2005 16:12:14 +0000 Subject: added first revision of install document --- doc/install.html | 136 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ doc/manual.html | 1 + 2 files changed, 137 insertions(+) create mode 100644 doc/install.html (limited to 'doc') diff --git a/doc/install.html b/doc/install.html new file mode 100644 index 00000000..4b0e5a21 --- /dev/null +++ b/doc/install.html @@ -0,0 +1,136 @@ + +SSL Encrypting syslog with stunnel + + + +

HOWTO install rsyslog

Written by + Rainer + Gerhards (2005-08-08)

Abstract

In this paper, I describe how to install +rsyslog. It is intentionally a brief +step-by-step guide, targeted to those who want to quickly get it up and running. +For more elaborate information, please consult the rest of the +manual set.

Steps To Do

Rsyslog does currently only have very limited availability as a package (if +you volunteer to create one, drop me a +line). Thus, this guide focusses on installing from the source, which +thankfully is quite easy.

Step 1 - Download Software

For obvious reasons, you need to download rsyslog. Load the most recent build +from http://www.rsyslog.com/downloads.

Depending on your system configuration, you also need to install some build +tools, most importantly make, the gcc compiler and the MySQL development system +(if you intend to use MySQL). On many systems, these things should already be +present. If you don't know exactly, simply skip this step for now and see if +nice error messages pop up during the compile process. If they do, you can still +install the missing build environment tools. So this is nothing that you need to +look at very carefully.

Step 2 - Check Makefile

The Makefile that comes with rsyslog contains all common options, instead of +support for MySQL. By default, it is compiled without it, because most folks do +not need it. If you need MySQL, you need to activate it. It's straightforward:

load Makefile in your preferred text editor
search for the "FEATURE_DB" definition close to the top of the file: +
# Enable database support (off by default, must be turned + # on when support for MySQL is desired). + FEATURE_DB=0
+
change FEATURE_DB to 1, that enables MySQL support. The line should now + look as follows:
+
# Enable database support (off by default, must be turned + # on when support for MySQL is desired). + FEATURE_DB=1
+
+
write the updated Makefile to disk

Important: If you modify the Makefile more than once, be sure to call +"make clean" before going further.

Now you are ready for the next step, the compilation.

Step 3 - Compile

That is easy. Just type "make" and let the compiler work. On any recent +system, that should be a very quick task, on many systems just a matter of a vew +seconds. If an error message comes up, most probably a part of your build +environment is not installed. Check with step 1 in those cases.

Step 4 - Install

Again, that is quite easy. All it takes is a "make install". That will copy +the rsyslogd and the man pages to the relavant directories.

Step 5 - Configure rsyslogd

In this step, you tell rsyslogd what to do with received messages. If you are +upgrading from stock syslogd, /etc/syslog.conf is probably a good starting +point. Rsyslogd understands stock syslogd syntax, so you can simply copy over +/etc/syslog.conf to /etc/rsyslog.conf. Then, edit rsyslog.conf for any +enhancements you would like to see. For example, you can add database writing as +outlined in the paper "Writing syslog Data to MySQL".

Step 6 - Disable stock syslogd

In almost all cases, there already is stock syslogd installed. Because both +it and rsyslogd listen to the same sockets, they can NOT be run concurrently. So +you need to disable the stock syslogd. To do this, you typically must change +your rc.d startup scripts.

For example, under Debian this mus be +done as follows: The default runlevel is 2. We modify the init scripts for +runlevel 2 - in parctice, you need to do this for all run levels you will ever +use (which probably means all). Under /etc/rc2.d there is a S10sysklogd script (actually +a symlink). Change the name to _S10sysklogd (this keeps the symlink in place, +but will prevent further execution - effectively disabling it).

Step 7 - Enable rsyslogd Autostart

This step is very close to step 3. Now, we want to enable rsyslogd to start +automatically. The rsyslog package contains a (currently small) number of +startup scripts. They are inside the distro-specific directory (e.g. debian). If +there is nothing for your operating system, you can simply copy the stock +syslogd startup script and make the minor modifications to run rsyslogd (the +samples should be of help if you intend to do this).

In our Debian example, the actual scripts are stored in /etc/init.d. Copy the +standard script to that location. Then, you need to add a symlink to it in the +respective rc.d directory. In our sample, we modify rc2.d, and can do this via +the command "ln -s ../init.d/rsyslogd S10rsyslogd". Please note that the S10 +prefix tells the system to start rsyslogd at the same time stock sysklogd was +started.

Important: if you use the database functionality, you should make sure +that MySQL starts before rsyslogd. If it starts later, you will receive an error +message during each restart (this might be acceptable to you). To do so, either +move MySQL's start order before rsyslogd or rsyslogd's after MySQL.

Done

This concludes the steps necesary to install rsyslogd. Of course, it is +always a good idea to test everything thouroughly. At a minimalist level, you +should do a reboot and after that check if everything has come up correctly. Pay +attention not only to running processes, but also check if the log files (or the +database) are correctly being populated.

If rsyslogd encounters any serious errors during startup, you should be able +to see them at least on the system console. They might not be in log file, as +errors might occur before the log file rules are in place. So it is always a +good idea to check system console output when things don't go smooth. In some +rare cases, enabling debug logging (-d option) in rsyslogd can be helpful. If +all fails, go to www.rsyslog.com and check +the forum or mailing list for help with your issue.

Housekeeping stuff

This section and its subsections contain all these nice things that you +usually need to read only if you are really curios ;)

Feedback requested

I would appreciate feedback on this tutorial. It is still in its infancy, so additional ideas, +comments or bug sighting reports are very welcome. Please +let me know about them.

Revision History

2005-08-08 * + Rainer Gerhards * Initial + version created

Copyright

Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.2 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover + Texts. A copy of the license can be viewed at + +http://www.gnu.org/copyleft/fdl.html.

+ + + \ No newline at end of file diff --git a/doc/manual.html b/doc/manual.html index dd263cf7..29c72e4f 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -22,6 +22,7 @@ version information and ports.

rsyslog bug list

We have some in-depth papers on