
Redirect all system events to syslog.log file

SOLVED
Md. Minhaz Khan
Super Advisor

Query 1:
When I run the "/etc/opt/resmon/lbin/monconfig" command and choose "(A)dd a monitoring request", I find
the following at the Notification Method stage:

Notification Method:
1) UDP 2) TCP 3) SNMP 4) TEXTLOG
5) SYSLOG 6) EMAIL 7) CONSOLE

My query is: if I choose "5", meaning SYSLOG, will any events in the system that are monitored by EMS
go to /var/adm/syslog/syslog.log?

Query 2:
Now, if we want to redirect syslog messages to a central server and we do the following,
is it correct?

#vi /etc/hosts
10.10.10.1 system1
10.10.10.2 system2 loghost-------------->Add this line

:wq!

Note: system1 is my machine and system2 is the machine that I want to send the logs to.

#vi /etc/syslog.conf
................................
.............................
*.info;mail.none @loghost-------------->Add this line

:wq!

#/sbin/init.d/syslogd stop
#syslogd -D


If I am wrong, please correct me. Actually, I want to redirect critical system events (like a faulty disk or a temperature issue) to the syslog.log file
and then forward the syslog messages to a central syslog server.

Can anyone help me?

Thanks in Advance
Minhaz
12 REPLIES
Michal Kapalka (mikap)
Honored Contributor

Re: Redirect all system events to syslog.log file

Hi,

Instead of syslog, we are using SNMP traps.

mikap
Vijaykumar_1
Valued Contributor

Re: Redirect all system events to syslog.log file

Hi,

Yes, you are correct. Please refer to the output below:

# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none;auth.notice@LOGICAL HOSTNAME /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
$
============================================
*.info;mail.none;auth.notice ... This is the entry meant for the syslog file, and I have mentioned the logical host, which means that the logs will be redirected to the host which I have mentioned.

And finally, the mandatory step: you need to restart the syslog daemon :)
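
The forwarding setup discussed in the question and in this answer can be checked mechanically before syslogd is restarted. The following is an added example, not code from any poster in this thread; it assumes the classic syslog.conf rule that selector and action are separated by tabs, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit syslog.conf forwarding entries.
# Assumption: selector and action must be separated by TABs, as in classic syslogd.

# Print every remote target (the name after '@') on a well-formed line.
forward_targets() {
    awk -F'\t+' '!/^#/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Print line numbers of entries whose '@' is not preceded by a TAB;
# such a line is not a valid selector<TAB>action pair.
malformed_forwards() {
    awk '!/^#/ && /@/ && $0 !~ /\t@/ { print NR }' "$1"
}

# Print the address that hosts file $1 maps to name or alias $2.
host_ip() {
    awk -v n="$2" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Report each target; return 1 if a line is malformed, a target does not
# resolve, or nothing is forwarded at all.
audit_forwarding() {
    conf=$1 hosts=$2 rc=0
    bad=$(malformed_forwards "$conf")
    [ -z "$bad" ] || { echo "malformed forward on line(s): $bad"; rc=1; }
    targets=$(forward_targets "$conf")
    [ -n "$targets" ] || { echo "no forwarding entry"; return 1; }
    for t in $targets; do
        ip=$(host_ip "$hosts" "$t")
        if [ -n "$ip" ]; then echo "$t -> $ip"; else echo "$t unresolved"; rc=1; fi
    done
    return $rc
}

# Constructed sample files mirroring the thread's setup.
SAMPLE=$(mktemp -d)
printf '10.10.10.1 system1\n10.10.10.2 system2 loghost\n' > "$SAMPLE/hosts"
printf '# syslogd configuration file.\n*.info;mail.none\t@loghost\n' > "$SAMPLE/good.conf"
printf '*.info;mail.none @loghost\n*.alert\t@nohost\n' > "$SAMPLE/bad.conf"

audit_forwarding "$SAMPLE/good.conf" "$SAMPLE/hosts" || true
audit_forwarding "$SAMPLE/bad.conf" "$SAMPLE/hosts" || true
```

The second sample file fails for two reasons: its first entry uses a space instead of a tab before `@loghost`, and `nohost` has no entry in the hosts file.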

Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

Thanks, Vijaykumar.

Dear Michal,

Can you help me configure snmp-trap to send system events to a central server like GFI eventManager?

Please give me the steps in detail.

Thanks
Minhaz
Michal Kapalka (mikap)
Honored Contributor
Solution

Re: Redirect all system events to syslog.log file

Hi,

I found the manual on this website:

http://www.madvip.net/node/56

but now it isn't available.


============================================

1. Add an entry to /etc/snmpd.conf:

trap-dest: IP_trap_server

2. Restart the snmpd server and the snmpd components (or reboot the server).

I made a simple script to do steps 1 and 2:

#=========================================

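set -x
# Step 1: add the trap destination only if it is not already present,
# so that re-running the script does not append duplicate entries.
grep -q "^trap-dest: 10.36.65.70" /etc/snmpd.conf ||
    echo "trap-dest: 10.36.65.70" >>/etc/snmpd.conf
sleep 2
# Step 2: restart the SNMP master agent first, then the subagents.
/sbin/init.d/SnmpMaster stop
sleep 2
/sbin/init.d/SnmpMaster start
sleep 10
/sbin/init.d/SnmpMib2 stop
sleep 2
/sbin/init.d/SnmpMib2 start
sleep 2
/sbin/init.d/SnmpHpunix stop
sleep 2
/sbin/init.d/SnmpHpunix start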

#=========================================

3. Run /etc/opt/resmon/lbin/monconfig

============================================================================
============== Monitoring Request Manager Main Menu ==============
============================================================================

Note: Monitoring requests let you specify the events for monitors
to report and the notification methods to use.

Select:
(S)how monitoring requests configured via monconfig
(C)heck detailed monitoring status
(L)ist descriptions of available monitors
(A)dd a monitoring request
(D)elete a monitoring request
(M)odify an existing monitoring request
(E)nable Monitoring
(K)ill (disable) monitoring
(H)elp
(Q)uit
Enter selection: [s] a



============================================================================
===================== Add Monitoring Request =====================
============================================================================

Start of edit configuration:

A monitoring request consists of:
- A list of monitors to which it applies
- A severity range (A relational expression and a severity. For example,
< "MAJOR WARNING" means events with severity "INFORMATION" and
"MINOR WARNING")
- A notification mechanism.
Please answer the following questions to specify a monitoring request.

Monitors to which this configuration can apply:
1) /StorageAreaNetwork/events/SAN_Monitor
2) /system/events/cpu/cmc
3) /system/events/cpu_hitachi/cmc
4) /system/events/cpe
5) /system/events/cpe_hitachi
6) /storage/events/disks/default
7) /storage/events/disks_asama/default
8) /storage/events/disks_hitachi/default
9) /adapters/events/TL_adapter
10) /connectivity/events/hubs/FC_hub
11) /connectivity/events/switches/FC_switch
12) /adapters/events/fclp_adapter
13) /adapters/events/iscsi_adapter
14) /system/events/dm_memory_asama
15) /system/events/memory_azusa
16) /adapters/events/ql_adapter
17) /adapters/events/raid_adapter
18) /adapters/events/sas_adapter
19) /storage/events/enclosures/ses_enclosure
20) /system/events/ups
21) /storage/events/disk_arrays/FC60
22) /system/events/ipmi_fpl
23) /storage/events/enclosures/gazemon
24) /system/events/ia64_corehw
25) /system/events/ia64_corehw_asama
26) /system/events/ipfcorehw_hitachi
27) /system/events/ipfmemory_hitachi
28) /system/events/memory_ia64
29) /storage/events/disk_arrays/MSA1000
30) /storage/events/enclosures/msamon_sas
31) /system/events/system_status
Enter monitor numbers separated by commas
{or (A)ll monitors, (Q)uit, (H)elp} [a] a

Criteria Thresholds:
1) INFORMATION 2) MINOR WARNING 3) MAJOR WARNING
4) SERIOUS 5) CRITICAL
Enter selection {or (Q)uit,(H)elp} [4] 2

Criteria Operator:
1) < 2) <= 3) > 4) >= 5) = 6) !=
Enter selection {or (Q)uit,(H)elp} [4]

Notification Method:
1) UDP 2) TCP 3) SNMP 4) TEXTLOG
5) SYSLOG 6) EMAIL 7) CONSOLE
Enter selection {or (Q)uit,(H)elp} [6] 3

User Comment:
(C)lear (A)dd
Enter selection {or (Q)uit,(H)elp} [c] a

Enter comment: []
ERROR: input required.
Please re-enter: SNMP2

Client Configuration File:
(C)lear
Use Clear to use the default file.
Enter selection {or (Q)uit,(H)elp} [c]

New entry:
Send events generated by all monitors
with severity >= MINOR WARNING to SNMP
with comment:
SNMP2


Are you sure you want to keep these changes?
{(Y)es,(N)o,(H)elp} [n] y

Changes will take effect when the diagmond(1M) daemon discovers that
monitoring requests have been modified. Use the 'c' command to wait for
changes to take effect.



============================================================================
============== Monitoring Request Manager Main Menu ==============
============================================================================

Note: Monitoring requests let you specify the events for monitors
to report and the notification methods to use.

Select:
(S)how monitoring requests configured via monconfig
(C)heck detailed monitoring status
(L)ist descriptions of available monitors
(A)dd a monitoring request
(D)elete a monitoring request
(M)odify an existing monitoring request
(E)nable Monitoring
(K)ill (disable) monitoring
(H)elp
(Q)uit
Enter selection: [s]



============================================================================
=================== Current Monitoring Requests ==================
============================================================================

EVENT MONITORING IS CURRENTLY ENABLED.

The current monitor configuration is:
1) Send events generated by all monitors
with severity >= MAJOR WARNING to SYSLOG
2) Send events generated by all monitors
with severity >= INFORMATION to TEXTLOG /var/opt/resmon/log/event.log
3) Send events generated by all monitors
with severity >= MINOR WARNING to SNMP
4) Send events generated by all monitors
with severity >= MINOR WARNING to SNMP
with comment:
SNMP2


If you need additional info, please let me know.

mikap
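
To confirm which severities actually reach a given notification method after the steps above, the "Current Monitoring Requests" listing can be parsed. This is an added example, not part of the original post; it assumes the listing has been saved to a file, and the function names `delivers` and `duplicate_requests` are hypothetical.

```shell
# Added example (not from the thread): query a saved monconfig listing.
# Severity order is the one monconfig prints under "Criteria Thresholds".
# delivers LISTING METHOD SEVERITY
# Exit 0 if a request sends SEVERITY to METHOD, 1 if none, 2 if unknown severity.
delivers() {
    awk -v method="$2" -v want="$3" '
    BEGIN {
        n = split("INFORMATION,MINOR WARNING,MAJOR WARNING,SERIOUS,CRITICAL", s, ",")
        for (i = 1; i <= n; i++) rank[s[i]] = i
        if (!(want in rank)) { bad = 1; exit }
    }
    /with severity/ {
        sub(/^.*with severity /, "")      # leaves: OP SEVERITY to METHOD [arg]
        op = $1; i = index($0, " to ")
        sev = substr($0, length(op) + 2, i - length(op) - 2)
        split(substr($0, i + 4), m, " ")
        if (m[1] != method) next
        w = rank[want]; r = rank[sev]
        if ((op == ">=" && w >= r) || (op == ">" && w > r) || (op == "=" && w == r) ||
            (op == "<=" && w <= r) || (op == "<" && w < r) || (op == "!=" && w != r)) hit = 1
    }
    END { exit (bad ? 2 : (hit ? 0 : 1)) }' "$1"
}

# Print each severity/method pair that is configured more than once.
duplicate_requests() {
    awk '/with severity/ { sub(/^.*with severity /, ""); if (seen[$0]++ == 1) print }' "$1"
}

# Listing copied from the post above into a temporary file.
LISTING=$(mktemp)
cat > "$LISTING" <<'EOF'
1) Send events generated by all monitors
with severity >= MAJOR WARNING to SYSLOG
2) Send events generated by all monitors
with severity >= INFORMATION to TEXTLOG /var/opt/resmon/log/event.log
3) Send events generated by all monitors
with severity >= MINOR WARNING to SNMP
4) Send events generated by all monitors
with severity >= MINOR WARNING to SNMP
with comment:
SNMP2
EOF
for sev in "MINOR WARNING" CRITICAL; do
    if delivers "$LISTING" SYSLOG "$sev"; then echo "$sev reaches SYSLOG"
    else echo "$sev does not reach SYSLOG"; fi
done
duplicate_requests "$LISTING"
```

On this listing, CRITICAL events reach SYSLOG but MINOR WARNING events do not, and requests 3 and 4 are reported as the same SNMP rule, differing only by comment.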
Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

Dear Michal,

Thanks a lot, my friend. You gave me the steps in detail.

Now can you give me the steps for what you did on the snmp_trap server side?

I mean, when any message comes in to the snmp_trap server, how can the snmp_trap server process the messages and then send them to the system admin?


***Note: We have already talked to the "GFI eventManager" vendor; their reply is as below:

"If you configure the devices to broadcast Syslogs or SNMP traps, EventsManager should be able to collect them and eventually process them.

It is just a matter of configuring first the devices to broadcast syslogs and SNMP traps to the EventsManager server and configure EventsManager to process these events"




So, dear Michal, give your opinion.

Thanks
Minhaz
Michal Kapalka (mikap)
Honored Contributor

Re: Redirect all system events to syslog.log file

Hi,

Sorry, I forgot to say that we got the MIB file to recognise SNMP traps on Nagios from:

software.hp.com

Event Monitoring Service (EMS) Developer's Kit

https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=B7611BA


mikap
Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

Dear Michal,

Query 1:
So we will install this Event Monitoring Service (EMS) Developer's Kit on the HP-UX machine and then follow the steps that you posted previously?

Query 2:
Again, can you help me with what I need to do on the SNMP_TRAP server side? Can you give me the steps in detail, like in the previous post?

Thanks
Minhaz
Michal Kapalka (mikap)
Honored Contributor

Re: Redirect all system events to syslog.log file

Hi,

Query 1:
So we will install this Event Monitoring Service (EMS) Developer's Kit on the HP-UX machine and then follow the steps that you posted previously?

= (EMS) Developer's Kit - you install the depot with swinstall, and inside the product is a MIB file; when you download this file you can uninstall the product. And yes, all previous steps are correct.


Query 2:
Again, can you help me with what I need to do on the SNMP_TRAP server side? Can you give me the steps in detail, like in the previous post?

= Our SNMP_TRAP server is Linux + Nagios + Centreon, but you are using a GFI product, which I am not familiar with, so I am not able to help you with the configuration of your trap server. Sorry.

mikap
Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

Dear Michal,

>>= Our SNMP_TRAP server is Linux + Nagios + Centreon, but you are using a GFI product, which I am not familiar with, so I am not able to help you with the configuration of your trap server

Actually, we are talking with "GFI Event Manager"; if they ensure that they can process snmp_trap, then we will buy their product.

So please give your procedure so that I can test it. If the test is successful, then we will go for "Linux + Nagios + Centreon".



Thanks
Minhaz
Michal Kapalka (mikap)
Honored Contributor

Re: Redirect all system events to syslog.log file

Hi,

Check HP SIM to see if it's usable for you:

http://h18006.www1.hp.com/products/servers/management/hpsim/index.html

mikap

PS: Installing Centreon + Linux + Nagios is easy, but configuring all the services, escalation... it's really time-consuming.
Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

Thanks, Michal.

>>Installing Centreon + Linux + Nagios is easy, but configuring all the services, escalation... it's really time-consuming.

So please give me the steps for how to install
"Centreon + Linux + Nagios", and then please give me 1 or 2 examples of configuring a service.

Please, Michal, help me. I am waiting for your reply.


Thanks
Minhaz
Md. Minhaz Khan
Super Advisor

Re: Redirect all system events to syslog.log file

I need to create another thread for Nagios.