Ubuntu 20.04: trying to get syslog-ng and rsyslog to co-exist with systemd

Question

I am stuck with rsyslog running in a corporate straight jacket. The config is completely set.

I need to run a service to relay logs from a variety of sources and I use syslog-ng for this.

I have this running on an older ubuntu system using a locally compiled and packaged version of syslog-ng. I would much rather not have to compile things when I don't have to.

The problem(s):

Firstly the standard ubuntu packages are mutually exclusive. You install rsyslog and that removes syslog-ng. I got around this by using a third party repository and installing syslog-ng from that.

Secondly there appears to be something in systemd/systemctl which ensures that rsyslog and syslog-ng service are not both running.

I suspect that they are fighting over a resource, possibly /run/systemd/journal/syslog

Suggestion on how to work around this welcome!

Answer 1

It appears that what was happening is that the apt install of one syslog removes the other.

So what I did was to

sudo apt install syslog-ng-core and then

sudo cp /usr/sbin/syslog-ng* /usr/local/sbin

sudo cp -r /usr/lib/syslog-ng /usr/local/lib/syslog-ng and lastly

sudo mkdir /var/lib/syslog-sec

I then modified /etc/defaults/syslog-ng to

# Command line options to syslog-ng                                                                                                                                                                                                    
SYSLOGNG_OPTS="--control /var/lib/syslog-sec/syslog-ng.ctl --module-path /usr/local/lib/syslog-ng/3.31 --persist-file /var/lib/syslog-sec/syslog-ng.persist --pidfile /var/lib/syslog-sec/syslog-ng.pid"
LD_LIBRARY_PATH="/usr/local/lib/syslog-ng"

This appears to work, but it is early days and if I find any more fish hooks I will update this answer.

If anyone has a better solution I would love to know it.

Ideally I want a distribution which I can control the install path.