Description of problem: There seems to be a file conflict between rsyslog in RHEL8 and syslog-ng in epel8. /etc/logrotate.d/syslog now contains rsyslog specific code: $ cat etc/logrotate.d/syslog [snip] { missingok sharedscripts postrotate /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true endscript } Can syslog-ng move logrotate file to /etc/logrotate.d/syslog-ng for epel8? (For Fedora rsyslog uses /etc/logrotate.d/rsyslog, however that might not make sense i RHEL8, hence syslog-ng might need to move in epel8).
Thanks for the report. I plan to check it on Friday or early next week and also fix GeoIP (maxminddb) support along the way.
OK, I see. Previously the log rotation script was using the PID to reload (r)syslog(-ng), that's why both of them used the same pid file. So whichever was running from the two got restarted from the logrotate script. I have one concern: what happens if both rsyslog and syslog-ng are installed? In this case there are two logrotate scripts for the same set of log files... Once I have an answer for the above question, I should rename the logrotate script from syslog to syslog-ng in all of my syslog-ng packages, except EPEL 7. And change it to: ``` postrotate /usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true endscript ```
I did not have yet time for testing, but here is a syslog-ng git snapshot build, which implements the changes listed above: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-githead/ If it works as expected, I'll port back the changes to EPEL 8 and also to Fedora Rawhide, once syslog-ng 3.26 is available.
Well. Starting logrotate by hand revealed, that it errors out: [root@localhost ~]# /usr/sbin/logrotate /etc/logrotate.conf error: syslog-ng:1 duplicate log entry for /var/log/cron error: syslog-ng:1 duplicate log entry for /var/log/maillog error: syslog-ng:1 duplicate log entry for /var/log/messages error: syslog-ng:1 duplicate log entry for /var/log/secure error: syslog-ng:1 duplicate log entry for /var/log/spooler error: found error in file syslog-ng, skipping So, one problem is resolved, as there is no more file conflict with rsyslog. But we have another one. - if we keep the file level conflict, then everything works properly, but rsyslog and syslog-ng can't be installed in parallel - if there is no file level conflict then they can be installed in parallel, but reloading syslog-ng from logrotate does not work What do you think?
Solution 3: - ship /etc/logrotate.d/syslog in separate package syslog-ng-logrotate - in syslog-ng package require File /etc/logrotate.d/syslog: `Require: /etc/logrotate.d/syslog` or require rsyslog OR syslog-ng-logrotate: `Requires: (rsyslog or syslog-ng-logrotate)`
Is or in requires supported in el8? Other option is let rsyslog syslog-ng use the same file maybe something like this can work: var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler { sharedscripts postrotate /usr/bin/systemctl is-active --quiet rsyslog && /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true /usr/bin/systemctl is-active --quiet syslog && /usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true endscript }
(In reply to Terje Røsten from comment #6) > Other option is let rsyslog syslog-ng use the same file maybe something like > this can work: I would strongly prefer not doing this. My use case (which currently works fine on CentOS 7) is that I want to separate the local system logger and the archiving log server as far as possible. I currently do this by dropping a file in /etc/rsyslog.d/ on all machines telling them to send copies of all logs to the archive server. The archive server also runs a syslog-ng process (in addition to its standard rsyslog) which only listens on the network and only writes to archive files outside of /var/log/. This has the advantages of the configurations being simple for both rsyslog and syslog-ng, and that all machines can run identical rsyslog configurations, without special exceptions for the archive server. I would like to be able to run CentOS 8 systems like this as well.
A possible solution is now available for testing in my git snapshot repository. For details check: https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350 If it works, I plan to port the changes to the official EPEL 8 package.
And here is what I submitted to EPEL 8. You can check the packages from below until it enters EPEL 8. Let me know your experiences! https://koji.fedoraproject.org/koji/buildinfo?buildID=1536397 AFAIR it is migrated automagically after a few day to EPEL 8, but if nothing happens until early next week, I check if the EPEL workflow has changed...
OK, read the docs, so it's not completely automagical :) I submitted it to Bodhi, where testing and adding karma helps to speed up the process: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-86919949a0
Hi! I don't understand how this helps? Ok, so rsyslog and syslog-ng can now be installed at the same time, however if syslog-ng service is used, logrotate is borken[1] until syslog-ng-logrotate is installed (and rsyslog removed)? I don't see why this is good solution? [1]: it appear to work, however syslog-ng will continue to write to old file (now with new name, while e.g. /var/log/messages will be empty).
OK, fixed package is now available in EPEL 8. It helps by making sure, that you can install rsyslog and syslog-ng at the same time. The problem here is, that rsyslog is an offical RHEL package, while syslog-ng is not. This means, that if I want to make syslog-ng parallel installable with rsyslog, then I have to make a change on the syslog-ng side, as they don't. And this was the best compromise we could come up with here by Fabien and on the syslog-ng mailing list. The /etc/lograte.d/syslog file name is already hard coded in config management software for RHEL 8, so I could not change that. And if you install rsyslog and syslog-ng together, you need to fiddle with logrotate scripts anyway.