You do not have to live without your favorite syslog implementation, even on the Amazon Web Services (AWS) Linux AMI. This Linux distribution is based on Red Hat Enterprise Linux version 6, and installing syslog-ng on it takes minimal extra work.

Before you begin

There are many different Linux distributions available on AWS, and many of them include syslog-ng as an easy-to-install part of the distribution. The one I am writing about is the Amazon Linux AMI, the custom Linux distribution maintained by Amazon:

  • The AWS Linux AMI is based on RHEL 6, so you can use syslog-ng built for that. This means that you can enable the EPEL repository and use syslog-ng from there. While it works, it is not recommended, as it contains an ancient version (3.2). I recommend using my unofficial syslog-ng packages instead.
  • The latest available version for RHEL 6 is 3.9. This still needs the EPEL repository for dependencies and you will need to enable my repository as well.

If your company policy suggests using EPEL instead of the latest version, read my blog about the new core features of syslog-ng, which include advanced message parsing and disk-based buffering, and think again.

Installing syslog-ng

Enter the commands below to install syslog-ng 3.9 on AWS Linux AMI:

  1. yum-config-manager --enable epel
    Enables the EPEL repository that contains some of the dependencies necessary to run syslog-ng. The repo file is already there but it is not enabled.
  2. yum-config-manager --add-repo=https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng39epel6/repo/epel-6/czanik-syslog-ng39epel6-epel-6.repo
    Enables my unofficial syslog-ng repository for RHEL 6. Skip this step only if you are not allowed to use external repositories other than EPEL.
  3. rpm -e --nodeps rsyslog
    Removes rsyslog (which conflicts with syslog-ng) without removing packages, such as cronie, that depend on syslog functionality.
  4. yum install -y syslog-ng
    Installs syslog-ng. The “-y” option saves you from answering a few prompts.
  5. chkconfig syslog-ng on
    Makes sure that syslog-ng starts on boot.
  6. /etc/init.d/syslog-ng start
    Starts syslog-ng.

Automating syslog-ng installation

Installing applications from the command line is OK when you have a single machine. When using a private or public cloud, automation is a must if you do not want to waste a lot of time (and money). You can easily automate the above steps by adding them as a shell script while launching a new machine in AWS.

#!/bin/bash
yum-config-manager --enable epel
yum-config-manager --add-repo=https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng39epel6/repo/epel-6/czanik-syslog-ng39epel6-epel-6.repo
rpm -e --nodeps rsyslog
yum install -y syslog-ng
chkconfig syslog-ng on
/etc/init.d/syslog-ng start

If you use the web console to launch a new instance, you can paste the above script in step #3 (“configure instance”) in the text box under “Advanced Details”.

Of course, it is even more elegant if you turn the above commands into a cloud-init script. I leave that exercise up to the reader.

Testing

By now syslog-ng is installed on your system with the default configuration. Before tailoring it to your environment, make sure that everything works as expected.

You can check that syslog-ng is up and running using the /etc/init.d/syslog-ng status command, which prints the process ID of the syslog-ng application on screen.

You can check (very) basic functionality using the logger command. Enter:

logger this is a test message

And check if it is written to /var/log/messages using the tail command:

tail /var/log/messages

Unless your system is already busy serving users, you should see a message similar to this one among the last lines:

Sep 11 13:09:39 ip-172-x-y-z ec2-user[3395]: this is a test message
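
The check above can also be scripted so that it still works on a busy system, where tail may no longer show the test line. The following is an added example, not part of the original post: it sends a unique marker through logger and polls the log file for it. The function names and the marker format are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: self-test for the logger -> syslog-ng -> log file path.

# Print the last line of log file $1 containing the literal string $2.
# Returns non-zero if the file is unreadable or has no such line.
find_marker() {
    grep -F -- "$2" "$1" 2>/dev/null | tail -n 1 | grep .
}

# Poll log file $1 for marker $2, at most $3 attempts, one second apart.
wait_for_marker() {
    _tries=${3:-5}
    while :; do
        find_marker "$1" "$2" && return 0
        _tries=$((_tries - 1))
        [ "$_tries" -gt 0 ] || return 1
        sleep 1
    done
}

# Extract "program[pid]" from a traditional syslog line:
# "Mon DD HH:MM:SS host program[pid]: message"
syslog_tag() {
    printf '%s\n' "$1" | awk '{ sub(/:$/, "", $5); print $5 }'
}

# Send a unique marker and confirm that it reaches the log file.
selftest() {
    _log=${1:-/var/log/messages}
    _marker="syslog-ng-selftest-$(date +%s)-$$"   # constructed marker format
    logger "$_marker"
    if _line=$(wait_for_marker "$_log" "$_marker" 5); then
        echo "OK: delivered by $(syslog_tag "$_line")"
    else
        echo "FAIL: $_marker not found in $_log" >&2
        return 1
    fi
}

# Runs only when called with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    selftest "${2:-/var/log/messages}"
fi
```

Appended to the launch script and called with --run, a non-zero exit status shows that the message never reached the log file.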

What is next?

Here I list a few resources worth reading if you want to learn more about syslog-ng and AWS or if you get stuck along the way:

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or you can even chat with us. For a long list of possibilities, check our contact page at https://syslog-ng.org/contact-us/. On Twitter, I am available as @PCzanik.