FreeBSD
From rsyslog wiki
rsyslog is present in the FreeBSD ports collection: FreshPorts
- rklogd is not supported on FreeBSD yet, but the port provides a work-around via logger(1)
- Modules are packaged as separate ports, e.g. sysutils/rsyslog-mysql, sysutils/rsyslog-pgsql
- The port supports rfc3195d through liblogging
- You can use the port as a drop-in replacement for the stock syslogd(8). Follow the instructions in the package message to make it work seamlessly with newsyslog(8). It also supports chrooted daemons, such as named(8), in the same way the stock syslogd(8) does.
- Please report or cc all the problems you have with rsyslog on FreeBSD to the port's maintainer
Quick RSyslog+MySQL Installation HOWTO
This quick howto assumes:
- you have the ports tree in its default location
- you're running a FreeBSD build recent to 6.2
- You have a working install of MySQL, and are familiar with administering and securing it
- This is not a best practice but a quick-start guide
Directions
1. Update your ports collection (see: FreeBSD Handbook: Using Ports)
2. Install the rsyslog-mysql port
Shell# cd /usr/ports/sysutils/rsyslog-mysql && make install clean
3. Create the default configuration file in /usr/local/etc/ and modify to taste
Shell# touch /usr/local/etc/rsyslog.conf
- You should be able to drop in your existing syslog.conf if you wish to mimic the default syslog
4. Create the database and tables in MySQL using the recommended layout below
- Put the MySQL layout into a file and run
Shell# mysql -u root -p < /path/to/file/rsyslog.sql
to read it in after you type the root MySQL password
- Alternatively you can copy and paste it into the interactive mysql shell
-- Written in MySQL syntax: USE selects the database, and timestamps are stored as datetime
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID serial not null primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID serial not null primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
5. Create the user that will have access to the specific database
mysql> grant all privileges on Syslog.* to 'sysloguser'@'%' identified by 'syslogpass' with grant option;
- Make sure to test the user's ability to log in before you continue
6. Configure rsyslog to send specific logs to mysql in the rsyslog.conf configuration file
- At the top of the config add the following so rsyslog loads the mysql module:
$ModLoad MySQL
- Add this to the bottom of the configuration if you want to log the Local0 facility to MySQL
Local0.* >LOGHOST,DATABASE,USERNAME,PASSWORD;
7. Before you can start rsyslog in FreeBSD, you must add the following to the /etc/rc.conf:
# rsyslog
rsyslogd_enable="YES"
rsyslogd_config="/usr/local/etc/rsyslog.conf"
rsyslogd_klog_enable="NO"
rsyslogd_klog_pidfile="/var/run/rsyslog-klog.pid"
8. Before rsyslog will listen to network traffic with the current build, you should modify '/usr/local/etc/rc.d/rsyslog'.
Change:
command_args="-i ${pidfile} -f ${rsyslogd_config}"
to:
command_args="-i ${pidfile} -f ${rsyslogd_config} -r514 -t514"
9. Start rsyslog:
Shell# /usr/local/etc/rc.d/rsyslog start
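The action line from step 6 keeps the database password in clear text inside rsyslog.conf. The sh script below is an added example, not part of the original howto or of the port: it lists the MySQL action lines in a config file without echoing the password, and flags a file that is group- or world-readable or an action that logs in as the MySQL root account. The function names and the sample host and credentials are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not part of the rsyslog port): audit a config that uses the
# legacy MySQL action line from step 6:  selector >HOST,DATABASE,USER,PASSWORD;
# Print "selector host database user" for each MySQL action line in file $1.
# The password field is matched but never printed.
mysql_actions() {
    sed -n 's/^\([^#[:space:]][^[:space:]]*\)[[:space:]]\{1,\}>\([^,]*\),\([^,]*\),\([^,;]*\),.*$/\1 \2 \3 \4/p' "$1"
}

# Succeed if file $1 is readable by group or others, judged from the
# portable `ls -l` mode string (column 5 = group read, column 8 = other read).
group_or_world_readable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????r?????|???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# Report findings for config file $1; exit status is the number of findings.
audit_rsyslog_conf() {
    conf=$1 findings=0
    actions=$(mysql_actions "$conf")
    [ -n "$actions" ] || return 0            # no database password in this file
    if group_or_world_readable "$conf"; then
        echo "FAIL $conf: contains a MySQL password but is group/world-readable"
        findings=$((findings + 1))
    fi
    while read -r sel host db user; do
        echo "INFO $sel -> database $db on $host as $user"
        if [ "$user" = root ]; then
            echo "FAIL $sel: logs in as the MySQL root account"
            findings=$((findings + 1))
        fi
    done <<EOF
$actions
EOF
    return "$findings"
}

# Constructed sample config (hypothetical host and credentials).
sample_conf() {
    cat <<'EOF'
$ModLoad MySQL
*.notice        /var/log/messages
Local0.*        >db.example.net,Syslog,sysloguser,syslogpass;
EOF
}

if [ $# -gt 0 ]; then audit_rsyslog_conf "$1"; fi
```

Saved under a name of your choice (audit.sh here is hypothetical), it runs as `sh audit.sh /usr/local/etc/rsyslog.conf`; a non-zero exit status means at least one finding.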
Notes
- The port definitely needs some work, so these directions will change over time. The port may at some point create an examples directory in /usr/share/example that would contain the SQL syntax file and a sample configuration; until then, follow the directions above
- The port may also allow for an rcvar to move the command_args to /etc/rc.conf; until that happens, just modify the startup script /usr/local/etc/rc.d/rsyslog
- This example was written for FreeBSD 6.3-PRERELEASE, MySQL 5, and rsyslog 2
- Note the time this was written: --Efk 02:03, 6 January 2008 (CET)

