lessphp fatal error: load error: failed to find /home/effectte/public_html/devii/wp-content/themes/theme52707/bootstrap/less/bootstrap.lesslessphp fatal error: load error: failed to find /home/effectte/public_html/devii/wp-content/themes/theme52707/style.less Installing Syslog-ng on CentOS 7.x

Installing Syslog-ng on CentOS 7.x

These are the instructions for configuring CentOS 7.x with syslog-ng in preparation for the Splunk CISCO TA and Splunk CISCO app and using syslog-ng to manage the logs from your CISCO devices.

I have updated the original instructions for setting up syslog-ng on CentOS 6.x by Charles Gerow.

GREEN = Typed commands followed by pressing ENTER
BLUE = Screen Output or File Contents


  • CentOS 7.x
  • Internet Connectivity
  • wget (yum install wget)
  1. Install EPEL Repositories:
    1. Login to your server as root (or su -)
    2. Type: cd /root
    3. Type (Current link as of this post):
    4. Type: rpm -Uvh /root/epel-release-7-7.noarch.rpm
    5. To verify the software repository was installed type: yum repolist
      You should see something like:

      [root@myserver ~]# yum repolist
      Loaded plugins: fastestmirror
      epel/x86_64/metalink                                                                     |  14 kB  00:00:00
      epel                                                                                     | 4.3 kB  00:00:00
      (1/3): epel/x86_64/updateinfo                                                            | 575 kB  00:00:00
      (2/3): epel/x86_64/group_gz                                                              | 170 kB  00:00:01
      (3/3): epel/x86_64/primary_db                                                            | 4.2 MB  00:00:06
      Loading mirror speeds from cached hostfile
      * base: dallas.tx.mirror.xygenhosting.com
      * epel: mirror.sfo12.us.leaseweb.net
      * extras: mirrors.unifiedlayer.com
      * updates: mirrors.sonic.net
      repo id                                  repo name                                                 status
      base/7/x86_64                            CentOS-7 - Base                                            9,007
      *epel/x86_64                         Extra Packages for Enterprise Linux 7 - x86_64      10,228
      extras/7/x86_64                          CentOS-7 - Extras                                            353
      updates/7/x86_64                         CentOS-7 - Updates                                         1,994
      repolist: 21,582
  2. Install Syslog-NG:
    1. Run an update check: yum check-update
      To see if this will impact any other software on your system.
    2. Check the availability of Syslog-NG by typing: yum list *syslog-ng*
      [root@myserver ~]# yum list *syslog-ng*
      Loaded plugins: fastestmirror
      Loading mirror speeds from cached hostfile
      * base: dallas.tx.mirror.xygenhosting.com
      * epel: mirror.sfo12.us.leaseweb.net
      * extras: mirrors.unifiedlayer.com
      * updates: mirrors.sonic.net
      Available Packages
      syslog-ng.x86_64                             3.5.6-3.el7                                   epel
      syslog-ng-devel.x86_64                       3.5.6-3.el7                                   epel
      syslog-ng-geoip.x86_64                       3.5.6-3.el7                                   epel
      syslog-ng-json.x86_64                        3.5.6-3.el7                                   epel
      syslog-ng-libdbi.x86_64                      3.5.6-3.el7                                   epel
      syslog-ng-mongodb.x86_64                     3.5.6-3.el7                                   epel
      syslog-ng-redis.x86_64                       3.5.6-3.el7                                   epel
      syslog-ng-smtp.x86_64                        3.5.6-3.el7                                   epel
    3. Install both syslog-ng and syslog-ng-libdbi (to avoid an error message) by typing: yum install syslog-ng syslog-ng-libdbi
      (Of course, you could install everything… if you want to…)

      [root@myserver ~]# yum install syslog-ng syslog-ng-libdbi
      Loaded plugins: fastestmirror
      Loading mirror speeds from cached hostfile
       * base: mirror.cisp.com
       * epel: archive.linux.duke.edu
       * extras: mirror.symnds.com
       * updates: mirrors.easynews.com
      Setting up Install Process
      Resolving Dependencies
      --> Running transaction check
      ---> Package syslog-ng.i686 0:3.2.5-3.el6 will be installed
      --> Processing Dependency: libnet.so.1 for package: syslog-ng-3.2.5-3.el6.i686
      --> Processing Dependency: libevtlog.so.0 for package: syslog-ng-3.2.5-3.el6.i686
      ---> Package syslog-ng-libdbi.i686 0:3.2.5-3.el6 will be installed
      --> Processing Dependency: libdbi.so.0 for package: syslog-ng-libdbi-3.2.5-3.el6.i686
      --> Running transaction check
      ---> Package eventlog.i686 0:0.2.12-1.el6 will be installed
      ---> Package libdbi.i686 0:0.8.3-4.el6 will be installed
      ---> Package libnet.i686 0:1.1.5-1.el6 will be installed
      --> Finished Dependency Resolution
      Dependencies Resolved
       Package                       Arch              Version                    Repository         Size
       syslog-ng                     i686              3.2.5-3.el6                epel              442 k
       syslog-ng-libdbi              i686              3.2.5-3.el6                epel               31 k
      Installing for dependencies:
       eventlog                      i686              0.2.12-1.el6               epel               17 k
       libdbi                        i686              0.8.3-4.el6                base               39 k
       libnet                        i686              1.1.5-1.el6                epel               55 k
      Transaction Summary
      Install       5 Package(s)
      Total download size: 583 k
      Installed size: 1.7 M
      Is this ok [y/N]: y

      If prompted to to import a GPG key… type: y

      warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
      Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
      Importing GPG key 0x0608B895:
       Userid : EPEL (6) 
       Package: epel-release-6-8.noarch (installed)
       From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
      Is this ok [y/N]: y
  3. Configure CentOS Services, Stop Rsyslog, and Start Syslog-NG:
    1. Disable rsyslogchkconfig syslog off  (actually this is systemctl status syslog.service)
    2. Confirm rsyslog is disabled:
      [root@myserver ~]# chkconfig --list rsyslog
      rsyslog         0:off   1:off   2:off   3:off   4:off   5:off   6:off
    3. Enable syslog-ngchkconfig syslog-ng on
    4. Confirm syslog-ng is enabled:
      [root@myserver ~]# chkconfig --list syslog-ng
      syslog-ng               0:off   1:off   2:on    3:on    4:on    5:on    6:off
    5. Stop Rsyslog:
      [root@myserver ~]# service rsyslog stop
      Shutting down system logger:                               [  OK  ]
    6. Start Syslog-NG:
      [root@myserver ~]# service syslog-ng start
      Starting syslog-ng:                                        [  OK  ]
  4. Example Configuration for Syslog-NG:
    1. Add the following to the END of /etc/syslog-ng/syslog-ng.conf:
      options {
      # My Switches
      source s_cisco {
      		udp(ip( port(514));
      		tcp(ip( port(514));
      destination d_cisco {
      log { source(s_cisco); destination(d_cisco); };

      This will basically take ALL (udp/tcp syslog data and place it into /var/log/cisco. The names of the files are based off the host name and date. For example, if you have switch named MYSWITCH and the current date is December 10th, 2013… the full path and file name would be: /var/log/cisco/MYSWITCH-20131210.log

    2. *** DO NOT modify any other portion of the file unless you are certain you know what you are doing!
    3. Restart the syslog-ng service to implement changes:
      [root@myserver syslog-ng]# service syslog-ng restart
      Stopping syslog-ng:                                        [  OK  ]
      Starting syslog-ng:                                        [  OK  ]
  5. Delete Old Syslog-NG Files:
    1. Login as root
    2. Type: crontab -e
    3. Add the following to your crontab file:
      # Delete Old Syslog Files
      # 3 AM, Every Sunday
      0 3 * * 0 /usr/bin/find /var/log/cisco -maxdepth 1 -mtime +60 -name "*.log" -exec rm {} \;
      Change the "60" to your desired number of "days".