- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Need to forward syslog messages
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 02:39 AM
тАО01-03-2005 02:39 AM
Need to forward syslog messages
msphnyc0:uname -a
HP-UX msphnyc0 B.10.20 B 9000/889 1609445731 16-user license
Here is my /etc/syslog.conf file:
# @(#) $Revision: 74.1 $
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
#This line added 23DEC04 by bkjb830 for Micromuse
*.emerg;*.alert;*.crit;*.warning @156.145.231.144
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
After I added the 156.145.231.144 line to the syslog.conf file, I did a kill -HUP on the PID for the syslogd daemon. However, the syslog messages are not being forwarded to 156.145.231.144.
Any ideas why??
Thanks..
-cd
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 02:43 AM
тАО01-03-2005 02:43 AM
Re: Need to forward syslog messages
*.emerg;*.alert;*.crit;*.warning @156.145.231.144
*.emerg
Also make sure that port (514) udp is open. this port is used for remote syslogs.
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 03:00 AM
тАО01-03-2005 03:00 AM
Re: Need to forward syslog messages
The
Any other ideas??
-cd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 03:59 AM
тАО01-03-2005 03:59 AM
Re: Need to forward syslog messages
why don't you try the logging to both your local system and to the remote syslog server. If it logs to your local host and doesn't to your syslog host, we'll know that the problem is with logging to the remote host. Else the problem might be with the stuff you are logging, syntax or things like that.
Try
*.emerg;*.alert;*.crit;*.warning
*.emerg;*.alert;*.crit;*.warning
Restart syslogd. Now check the syslog log on localhost as well as the remote host. Check and see if it is logging at one place only or at both the places.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 04:42 AM
тАО01-03-2005 04:42 AM
Re: Need to forward syslog messages
I did a netstat -a | grep 514 and found no udp processes running on that port. I checked for port 514 in several other Solaris boxes which are logging syslog successfully, and they did not have anything running on udp 514 either.
-cd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 04:47 AM
тАО01-03-2005 04:47 AM
Re: Need to forward syslog messages
Check and see if port 540 is not disbaled on both the servers, server that is sending syslog alert and the syslog server.
Take a look at this thread from itrc. This is about how to prevent remote syslog logging, but it may be useful in your case too.
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000065680032
The itrc doc id is KBRC00002007.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 04:59 AM
тАО01-03-2005 04:59 AM
Re: Need to forward syslog messages
Typo mistake,
It should be port 514 and not 540.
Sorry abt that.
Thanks
Sanjay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 05:14 AM
тАО01-03-2005 05:14 AM
Re: Need to forward syslog messages
-cd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 05:21 AM
тАО01-03-2005 05:21 AM
Re: Need to forward syslog messages
You need to log auth.info to the remote syslog server for this "su" info to be logged to the remote server.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2005 05:47 AM
тАО01-03-2005 05:47 AM
Re: Need to forward syslog messages
-cd