System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Cental logging server not capturing logs

AL_3001
Regular Advisor

Cental logging server not capturing logs

Hello,

We have configured a central loggin servers with IP address 193.7.135.208.

However, the legs are not getting routed to the central log server.

Syslog.conf of client is:
------------------------------------------
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

# Sox:

local4.warn @193.7.135.208
local5.info @193.7.135.208
auth.debug @193.7.135.208
daemon.debug @193.7.135.208
local5.info;mail.none /var/adm/syslog/ftplog
------------------------------------------

Kindly assist.

Thanks.
4 REPLIES
Steven E. Protter
Exalted Contributor

Re: Cental logging server not capturing logs

Shalom,

See if central log server is listening on port 514

netstat -an | grep 514

Check for firewalls between the systems. Any firewall commonly closes these ports.

After changing the configuration of logging, did you start/stop the syslog daemon?

What OS version is the server/clients?

Ever hear of distributed systems utilities?
http://docs.hp.com/en/J2744-90017/ch02s06.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matti_Kurkela
Honored Contributor

Re: Cental logging server not capturing logs

Are you using the standard HP-UX syslog daemon on the central log server, or something else?
How is this log servers software configured?

For testing, you can use the "logger" command to send log messages.

For example:

logger -p daemon.debug -i "test message"

MK
MK
AL_3001
Regular Advisor

Re: Cental logging server not capturing logs

Hi Steven,

>> See if central log server is listening on port 514


tcp 0 0 *.514 *.* LISTEN
udp 0 0 *.514 *.*


Yes, it is listening.

>> Check for firewalls between the systems. Any firewall commonly closes these ports.

Logs from other clients are getting captured.


>> After changing the configuration of logging, did you start/stop the syslog daemon?

Yes, syslogd was started.


>>What OS version is the server/clients?

The central loggin server is Solaris and client is HP-UX. Logs from other HP-UX servers are captured on central server but not for this client.

Thanks.
AL_3001
Regular Advisor

Re: Cental logging server not capturing logs

Thanks mate!