04-12-2013 04:33 AM
Re: Script to dump at syslog server
Hi Matti,
Windows firewall is off.
I am not able to telnet from my HP-UX box:
root #/ >telnet 10.34.32.142 514
Trying...
telnet: Unable to connect to remote host: Connection refused
I just downloaded the syslog server from the link, double-clicked it, accepted the agreement, and it's running in the taskbar below; I'm still getting no input in Windows.
What am I missing?
04-13-2013 01:22 AM
The syslog protocol uses a UDP port, not a TCP port, so it is not possible to test it with the telnet command.
The telnet command can be used to test TCP ports only.
- Tags:
- telnet
04-15-2013 10:09 PM
Hi,
I am still not able to view my syslog contents in the Windows syslog server.
I have made all the configuration changes on Windows Server 2003 found in the help contents of the syslog software.
04-16-2013 10:22 PM - edited 04-16-2013 10:22 PM
Hi,
How do I check for the UDP protocol then?
Whether it is listening on port 514 or not?
04-17-2013 12:50 AM
You can run "netstat -a" in the Windows command prompt and see if the UDP port 514 is active or not. If the port appears in the listing, then the application has activated the port. But neither UDP nor the syslog protocol include any standard responses at all: there is no way to confirm that a syslog server has received a particular message, other than seeing it logged at the syslog server.
You could use something like Wireshark on the Windows system to see if there is any incoming traffic to UDP/514, while using the "logger" command on the HP-UX to generate syslog messages. Likewise, you could use tcpdump or the HP-UX built-in network trace functionality (see http://www.compute-aid.com/nettl.html for that) to see that syslog messages are in fact being sent out from your HP-UX host.
The lack of any universal standard responses in UDP-based protocols is also a problem for port scanning tools like nmap. When scanning UDP ports, it actually must operate in a tricky way: if it sends a probe to a UDP port and receives an ICMP message saying "this port is not available, go away", it knows the port is closed for sure. If the port responds with a UDP packet (most likely containing some protocol-specific message) then the port is clearly active. But not all UDP-based protocols do that. So if there is no response at all, the UDP port may be opened by a syslog-like service... or the port might be firewalled and the firewall is dropping the incoming packet without sending any answer at all.
- Tags:
- netstat
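The three outcomes described in the answer above, as an added example that is not part of the original thread: one BSD-syslog-style datagram is sent from a connected UDP socket and the result is classified as closed (ICMP port unreachable), open (a datagram came back) or open-or-filtered (silence). The function names, the `probe` tag and the facility/severity subset are assumptions of this example.

```python
import socket

# Subset of the BSD syslog facility and severity codes (PRI = facility * 8 + severity).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def syslog_packet(message, facility="user", severity="notice", tag="probe"):
    """Build a '<PRI>tag: message' datagram ('probe' is a made-up tag)."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    return f"<{pri}>{tag}: {message}".encode("ascii", "replace")


def probe_udp(host, port=514, payload=b"", timeout=1.0):
    """Send one datagram to host:port and classify what comes back.

    'closed'           : the OS reported an ICMP port-unreachable error
    'open'             : the service answered with a datagram of its own
    'open-or-filtered' : silence, which is what a working syslog server
                         and a packet-dropping firewall both look like
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        sock.connect((host, port))
        try:
            sock.send(payload)
            sock.recv(2048)
            return "open"
        except (ConnectionRefusedError, ConnectionResetError):
            # Linux raises ECONNREFUSED, Windows reports WSAECONNRESET.
            return "closed"
        except socket.timeout:
            return "open-or-filtered"


if __name__ == "__main__":
    # Loopback is used so the example runs offline; substitute your own server.
    packet = syslog_packet("test syslog message")
    print(packet, "->", probe_udp("127.0.0.1", 514, packet))
```

A result of open-or-filtered only says that nothing objected; confirmation still has to come from the server's own log or a packet capture on the receiving side.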
04-17-2013 02:02 AM
Hi,
netstat -ano on the Windows server:
UDP 0.0.0.0:514 *:* 3860
It's not in listening mode.
I started the services many times, but it's still the same.
04-18-2013 01:36 AM
UDP ports do not really have a specific "listening mode", so the display is different than on TCP ports.
If the UDP port is listed in the netstat output, the port has been activated and the application using the port can pass traffic both ways if it wants to. But a syslog server has no need to send anything at all: it just waits for incoming packets to arrive. If the UDP port is not listed in netstat output, then the UDP port is closed.
Yes, this looks like the service is active.
04-18-2013 04:25 AM - edited 04-18-2013 04:25 AM
Hi Matti,
Then what could be the reason why I am not able to see syslog messages here?
Debug-level messages are already selected.
PFA screenshot.
04-18-2013 07:52 AM
Solution
From your screenshot, I see you have restarted syslogd on 10.1.1.31.
Have you edited the /etc/syslog.conf file on 10.1.1.31 correctly?
Please run "cat -t /etc/syslog.conf". It should output something like this:
$ cat -t /etc/syslog.conf
# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug^I^I/var/adm/syslog/mail.log
*.info;mail.none^I/var/adm/syslog/syslog.log
*.alert^I^I^I/dev/console
*.alert^I^I^Iroot
*.emerg^I^I^I*
*.debug^I@10.11.22.33
The "cat -t" command replaces the normally space-like TAB characters with "^I"s. There should be at least one ^I on each non-blank non-comment line between the message selector part and the log destination part. You should have the IP address of your Windows server instead of 10.11.22.33.
The *.* syntax works with most syslog daemons, but you might try using *.debug instead... maybe I'm confusing HP-UX with Linux or some other Unix, and HP-UX requires using *.debug to mean "absolutely everything". The above file is copied from a HP-UX 11.23 system that is successfully sending syslog messages to a remote destination.
After you've verified this (and restarted the syslog daemon again if you had to make any changes), you should use the "logger" command to generate a new syslog message or two. For example:
logger -i "test syslog message"
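A way to automate the `cat -t` check from the answer above (an added example, not part of the original thread): it flags every rule line that has no TAB between the selector and the destination, and lists the `@host` forwarding targets so the address can be confirmed. The function name and the sample text are constructed here; the sample reuses the answer's 10.11.22.33 placeholder address.

```python
import re

# facility.level pairs joined by ';', e.g. "*.info;mail.none"
SELECTOR = re.compile(r"[\w*,]+\.[\w*]+(;[\w*,]+\.[\w*]+)*")


def lint_syslog_conf(text):
    """Return (findings, remote_hosts) for the text of a syslog.conf.

    findings     : (line_number, problem) for rules that break the
                   selector<TAB>destination layout
    remote_hosts : the @host destinations found on well-formed lines
    """
    findings, remote_hosts = [], []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no rule
        selector, tab, rest = line.partition("\t")
        destination = rest.strip("\t").rstrip()
        if not tab:
            findings.append((number, "no TAB between selector and destination"))
        elif not SELECTOR.fullmatch(selector):
            findings.append((number, f"selector {selector!r} is not facility.level"))
        elif not destination:
            findings.append((number, "destination is empty"))
        elif destination.startswith("@"):
            remote_hosts.append(destination[1:])
    return findings, remote_hosts


# Constructed sample: the last rule uses a space where a TAB is required.
SAMPLE = (
    "# syslogd configuration file.\n"
    "mail.debug\t\t/var/adm/syslog/mail.log\n"
    "*.info;mail.none\t/var/adm/syslog/syslog.log\n"
    "*.emerg\t\t\t*\n"
    "*.debug\t@10.11.22.33\n"
    "*.* @10.11.22.33\n"
)

if __name__ == "__main__":
    problems, hosts = lint_syslog_conf(SAMPLE)
    for number, problem in problems:
        print(f"line {number}: {problem}")
    print("forwarding to:", ", ".join(hosts) or "nothing")
```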
04-20-2013 07:16 PM
Hi Matti,
As you pointed out, and my mistake for not checking earlier, I found the ^I separator was not set correctly in syslog.conf:
root #/ >cat -t /etc/syslog.conf
# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug^I^I/var/adm/syslog/mail.log
*.info;mail.none^I/var/adm/syslog/syslog.log
*.alert^I^I^I/dev/console
*.alert^I^I^Iroot
*.emerg^I^I^I*
*.* @10.1.x.x
I changed this line to:
root #/ >cat -t /etc/syslog.conf
# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug^I^I/var/adm/syslog/mail.log
*.info;mail.none^I/var/adm/syslog/syslog.log
*.alert^I^I^I/dev/console
*.alert^I^I^Iroot
*.emerg^I^I^I*
*.*^I@10.1.xx.xx
Restarted syslog, but I am still not able to see syslog messages in the Windows server...
PFA screenshot of the Windows syslog server.