I am stuck with rsyslog running in a corporate straight jacket. The config is completely set.
I need to run a service to relay logs from a variety of sources and I use syslog-ng for this.
I have this running on an older ubuntu system using a locally compiled and packaged version of syslog-ng. I would much rather not have to compile things when I don't have to.
The problem(s):
Firstly the standard ubuntu packages are mutually exclusive. You install rsyslog and that removes syslog-ng. I got around this by using a third party repository and installing syslog-ng from that.
Secondly there appears to be something in systemd/systemctl which ensures that rsyslog and syslog-ng service are not both running.
I suspect that they are fighting over a resource, possibly /run/systemd/journal/syslog
Suggestion on how to work around this welcome!
It appears that what was happening is that the apt install of one syslog removes the other.
So what I did was to
sudo apt install syslog-ng-coreand thensudo cp /usr/sbin/syslog-ng* /usr/local/sbinsudo cp -r /usr/lib/syslog-ng /usr/local/lib/syslog-ngand lastlysudo mkdir /var/lib/syslog-secI then modified
/etc/defaults/syslog-ngtoThis appears to work, but it is early days and if I find any more fish hooks I will update this answer.
If anyone has a better solution I would love to know it.
Ideally I want a distribution which I can control the install path.