Had a client for whom I wanted to install syslog-ng. I’ve never worked with it before, but had read that it can log to a MySQL database. The project at hand seemed like a great fit for just such a thing, so off I went to get syslog-ng.
(Update on Nov 28, 2012: When I realized that rsyslog comes with RHEL 5 and supports MySQL out of the box, I switched the project to it instead)
Build my own? No problem.
Having worked with Linx and open source for nearly 2 decades now, I’m accustomed to having a look to find a software package occasionally. Since most of that time has been spent working with Red Hat, Fedora, and CentOS, I’m also accustomed to having to go out of my way to find RPM versions of packages. It’s common to find that someone who maintains an application doesn’t by default make an RPM for it. Sometimes that’s because their experience is in another flavor of Linux or UNIX that doesn’t natively use RPMs (aka Debian, Slackware, *BSD), or because they don’t have time to make an RPM.
Since I didn’t find an RPM readily available for this install (on CentOS 5.8), I started looking around. My usual sources (rpmforge, etc.) didn’t yield anything. So I turned to rpmfind.net. Right away I saw that there is a package available for RHEL 5, thus presumably for CentOS as well. Unfortunately, though, the CentOs extras repo didn’t have the package. Bummer. But the sources for Red Hat’s EPEL packages (http://download.fedoraproject.org/pub/epel/5/SRPMS) had a source RPM. For me, that’s usually enough to get started. So, a quick wget and I was on my way:
$ wget http://download.fedoraproject.org/pub/epel/4/SRPMS/syslog-ng-2.1.4-1.el4.src.rpm
From here I usually do either:
rpmbuild --rebuild syslog-ng-2.1.4-1.el4.src.rpm
or I install the src.rpm and do:
rpmbuild -bb /path/to/syslog-ng.spec
But it wasn’t that simple
To make an incredibly long story a bit shorter, I had build errors. And the reason I did was that this package wanted a devel package that I couldn’t find right away (try finding
tcp_wrappers-devel-7.6-40). What I ended up doing was finding the source RPM for tcp_wrappers and building a new version of it. Also, I had to build the eventlog RPM that goes along with syslog-ng (same company makes both). Great! Now all I had to do was build syslog-ng, finally!
Except that it kept croaking, telling me “
ld: cannot find -lwrap“. Now, I thought this thing was looking for libwrap.so, so I made sure it (or some symlink to it) was in all the common lib directories. Nope, no luck. Ah, I need to run
ldconfig, I thought. Nope, didn’t help.
Next I popped open the source tarball and look in it. I saw some references to
/usr/local/lib. I changed those to
/usr/lib, re-packed the tarbarll, stuck it in the SOURCES directory in my build environment, and ran it again….nope. After more digging in
configure files, I found that it apparently wanted
libwrap.a to be in the lib paths. But…my tcp_wrappers packages did not install that file. Odd. I updated my locate database and did ‘
locate libwrap.a‘. That file existed only in the RPM BUILD directory. Looking in the spec file, I found that it had been removed around 7.6-42 by the folks at Red Hat. Perhaps they were purging out old static libraries. I manipulated the spec file to make it install in
Finally syslog-ng compiled. So, to get syslog-ng to build, I had to install and/or build these packages:
(the version of tcp_wrappers was 7.6-57 when I got the SRPM, but I bumped the version a couple of times to account for changes I made in the spec file)
Now, this was just on my build server. On the actual client machine, I installed these RPMs:
The libnet package was already installed, so it was an update.
I know that version 3.2 of syslog-ng comes with RHEL/CentOS 6 EPEL. I’m going to see if I can get it to build for a CentOS 5 environment, since 2.1 seems rather old by comparison.
Additionally, now I will be working to get the service working with mysql. But that’s probably another post… 🙂