Install packages eventlog and syslogng. For Solaris:
pkg-get install eventlog
pkg-get install syslogng
Create the syslog user and group:
groupadd -g 514 syslog
useradd -u 514 -g syslog -c Syslog -s /bin/false syslog
Turn off classic syslog. For Solaris:
svcadm disable system-log
A more complete command-line example:
syslog-ng --cfgfile /etc/syslog-ng.conf --pidfile /var/run/syslog-ng.pid --chroot /var/log --user syslog --group syslog
Write this to /etc/init.d/syslog-ng:
#!/bin/bash
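start() {
  # Launch syslog-ng with an explicit config file, pidfile, chroot and an
  # unprivileged user/group (option reference at the end of this function).
  # file() paths in the config are relative to the chroot, so "/local" in
  # /etc/syslog-ng.conf ends up as /var/log/local on disk.
  local -a opts=(
    --cfgfile /etc/syslog-ng.conf
    --pidfile /var/run/syslog-ng.pid
    --chroot /var/log
    --user syslog
    --group syslog
  )
  echo "Starting syslog-ng daemon"
  # Give a clear diagnostic instead of a bare "command not found" and
  # return 127 so the caller can see the daemon was never launched.
  if ! command -v syslog-ng >/dev/null 2>&1; then
    echo "syslog-ng: executable not found in PATH" >&2
    return 127
  fi
  # The function's return status is syslog-ng's own exit status.
  syslog-ng "${opts[@]}"
  # -f <fname>, --cfgfile=<fname> Set config file name, default=/usr/local/etc/syslog-ng.conf
  # -V, --version Display version number (syslog-ng 2.0.5)
  # -p <fname>, --pidfile=<fname> Set pid file name, default=/var/run/syslog-ng.pid
  # -C <dir>, --chroot=<dir> Chroot to directory
  # -u <user>, --user=<user> Switch to user
  # -g <group>, --group=<group> Switch to group
}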
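stop() {
  # Stop the daemon started by start(). The pid is taken from the pidfile
  # start() passes to syslog-ng; an optional first argument overrides the
  # pidfile path. Falls back to an exact process-name match when the
  # pidfile is unreadable, non-numeric or stale.
  local pidfile=${1:-/var/run/syslog-ng.pid}
  local pid=
  echo "Stopping syslog-ng daemon"
  if [ -r "$pidfile" ]; then
    read -r pid < "$pidfile"
  fi
  # Only trust a purely numeric pid: the pidfile lives outside the chroot
  # but must never be allowed to turn into arbitrary kill arguments.
  if [[ "$pid" =~ ^[0-9]+$ ]] && kill "$pid"; then
    return 0
  fi
  # -x matches the process name exactly; a bare "pkill syslog-ng" would also
  # hit any process whose name merely contains "syslog-ng".
  pkill -x syslog-ng
}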
restart() {
  # Stop the running daemon, pause briefly so it can exit and release its
  # pidfile, then start a fresh instance.
  local pause=1
  stop
  sleep "$pause"
  start
}
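# Dispatch on the single action argument; the script's exit status is that
# of the action, or 1 for an unknown/missing action.
case "$1" in
  'start')
    start
    ;;
  'stop')
    stop
    ;;
  'restart')
    restart
    ;;
  *)
    # Usage goes to stderr and the script exits non-zero, so rc scripts and
    # operators can tell a typo from a successful action.
    echo "usage $0 start|stop|restart" >&2
    exit 1
    ;;
esac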
And enable it:
cd /etc/rc2.d
ln -s ../init.d/syslog-ng S70syslog-ng
Example configuration (/etc/syslog-ng.conf):
# -------- Options ------------------------
options {
long_hostnames(off);
# Keep the hostname as it arrives in the message rather than replacing it;
# with use_dns(yes) the sender address may also be resolved via reverse DNS.
# Either way the hostname is supplied by the sending side, not by this host.
keep_hostname(yes);
use_dns(yes);
# NOTE(review): consider adding check_hostname(yes) here so a crafted HOST
# field cannot carry path characters into the file() name built from
# $FULLHOST below — confirm the option is available in this syslog-ng version.
};
# -------- Sources ------------------------
source s_udp {
# Listens on every interface. UDP syslog is unauthenticated and spoofable,
# so limit who can reach 514/udp at the host or network firewall.
udp(ip(0.0.0.0) port(514));
};
source s_local {
# Messages generated by syslog-ng itself.
internal();
# unix-stream("/dev/log");
};
# -------- Destinations ------------------------
# Paths are relative to chrooted directory, so /local in real means /var/log/local. If not chrooted, use absolute paths.
destination d_local {
file("/local");
};
destination d_servers {
# One file per sending host, named from the (remote-supplied) hostname.
file("/$FULLHOST");
};
# -------- Logs ------------------------
log {
source(s_local);
destination(d_local);
};
log {
source(s_udp);
destination(d_servers);
};