05-20-2011 01:24 AM
moving syslog error message to a windows box
I have 10 HP-UX servers. The audit team has told me to forward syslog messages to a Windows box going forward as part of audit purposes ...
Has anyone done this before? I am aware of the syslog.conf configuration on the Unix side. What needs to be done on the Windows box to accept the logs from the Unix box and keep them in a place?
1 - Please help me with what settings need to be done on the Unix box (HP-UX 11.23).
2 - What settings need to be done on the firewall?
3 - What settings need to be done on the Windows box (how to set the location where the log files are kept)?
Rgds,trng
Regards,suresh
05-20-2011 02:24 AM
Re: moving syslog error message to a windows box
So the first question to ask your audit people is what syslog software do they want you to run on the windows system? And (possibly) who is going to pay for it?
HTH
Duncan
I am an HPE Employee
05-20-2011 04:26 AM
Re: moving syslog error message to a windows box
As I mentioned, I need to move syslog errors to another server having enough space. How to do it?
05-20-2011 05:30 AM
Re: moving syslog error message to a windows box
Duncan was referring to configuring syslogd on the Unix box to send the syslog messages, as they occur, dynamically over to the Windows box. For that, you need a syslog *server* on Windows and must configure the syslogd on the Unix to send them there.
bv
05-21-2011 10:18 AM
Re: moving syslog error message to a windows box
1. The auditors want syslog archived and not truncated, and
2. You are running out of space for local syslog.
It may be more helpful to analyze what is filling syslog. You may find that most of it is not useful and can be diverted. The syslog.conf file has the ability to parse messages into different files. Here is a syslog.conf file that separates auth, ftp, ems, kern, lpr and daemon messages into separate files. This should reduce syslog growth considerably.
*.info;mail.none;local0.none;local1.none;local5.none;auth.none;lpr.none;daemon.notice;kern.notice	/var/adm/syslog/syslog.log
mail.debug	/var/adm/syslog/mail.log
local0.info	/var/adm/syslog/krsd.log
local1.info	/var/adm/syslog/ems.log
local5.info	/var/adm/syslog/ftpd.log
auth.info	/var/adm/syslog/auth.log
lpr.info	/var/adm/syslog/lpr.log
daemon.info	/var/adm/syslog/daemon.log
kern.info	/var/adm/syslog/kern.log
*.alert		console
*.alert		root
*.emerg		*
And one more change for ntp: Edit the xntpd start script (/etc/rc.config.d/netdaemons) to add a different log for ntp:
export XNTPD_ARGS="-l /var/adm/xntpd.log"
This will remove the ntp status messages from syslog.log.
BIG NOTE: Unlike other log files, syslog.log defines a space as a comment no matter where the space appears. Use *ONLY* tab to separate items in syslog.conf. To check your resultant file, use cat -t:
*.info;mail.none;local0.none;local1.none;local5.none;auth.none;lpr.none;daemon.notice;kern.notice^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local0.info^I/var/adm/syslog/krsd.log
local1.info^I/var/adm/syslog/ems.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
lpr.info^I/var/adm/syslog/lpr.log
daemon.info^I/var/adm/syslog/daemon.log
kern.info^I/var/adm/syslog/kern.log
*.alert^I^Iconsole
*.alert^I^Iroot
*.emerg^I^I*
Now you can decide how to trim or transfer the repetitive logs.
Bill Hassell, sysadmin
05-23-2011 06:46 PM
Re: moving syslog error message to a windows box
Thanks for the nice answers, but my requirement is still not met. Let me explain my requirement once again.
I want to move all access denied/access allowed entries/critical errors to another server which should have Unix admin access.
I am sure we can do this by implementing a syslog server; unfortunately I don't know how to do it. Is it possible to configure a syslog server on a Windows server which can accept Unix syslog?
rgds,suresh
05-24-2011 06:17 AM
Re: moving syslog error message to a windows box
www.syslog.org
A Google search will find several free and priced products that will probably work. As far as sending just the authentication information, you can use my syslog.conf example above where auth.info is sent to a server. In fact, you can log to the auth.log locally and also send the same info to a syslog server:
auth.info	/var/adm/syslog/auth.log
auth.info	@my_SYSLOG_server.com
Bill Hassell, sysadmin
05-24-2011 10:07 PM
Re: moving syslog error message to a windows box
I have configured /etc/syslog.conf as below (10.83.97.30 is Windows):
*.info;mail.none;auth.notice @10.83.97.30
*.notice @10.83.97.30
*.warning @10.83.97.30
*.err @10.83.97.30
*.crit @10.83.97.30
*.alert @10.83.97.30
*.emerg @10.83.97.30
and I have restarted syslogd and tried logger warning from the Unix box, but on Windows I couldn't find any log coming from my Unix box ...
rgds,trng
05-24-2011 10:54 PM
Re: moving syslog error message to a windows box
As you've been told already, there is _no_ syslog server on a Windows system by default. You need to install one.
There are a few out there though, such as the Kiwi syslog server:
http://www.kiwisyslog.com/kiwi-syslog-server-compare-versions/
or syslog-ng (although you also have to install cygwin on the windows system to use it):
http://www.syslog.org/logged/running-syslog-ng-on-windows/
HTH
Duncan
I am an HPE Employee
05-25-2011 09:38 AM
Re: moving syslog error message to a windows box
Did you look at the log directory provided by the special syslog program you installed on your Windows box?
> *.info;mail.none;auth.notice @10.83.97.30
> *.notice @10.83.97.30
> *.warning @10.83.97.30
> *.err @10.83.97.30
> *.crit @10.83.97.30
> *.alert @10.83.97.30
> *.emerg @10.83.97.30
This isn't the correct syntax. The first line will log every information message (and higher) for every facility, but will exclude all mail messages and log auth messages from notice level on up. In other words, notice includes warning, err, crit, alert and emerg.
So assuming that you want every message at the info level and higher, this is all you need:
*.info;mail.none	@10.83.97.30
If you want to ignore auth.info but log auth.notice and higher, then the first line you have will work fine:
*.info;mail.none;auth.notice	@10.83.97.30
But NONE OF THIS WILL WORK until you install and configure a special syslog program on your PC. Also, there can be *NO* spaces on any line in syslog.conf except for comment lines. Use tabs to separate items on the line.
Bill Hassell, sysadmin
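The two points made in the replies above (tabs only, and a selector such as *.info already covering every higher severity) can be checked mechanically before restarting syslogd. The script below is an added example, not code from any poster in this thread; the function names lint_syslog_conf and sample_conf are hypothetical, the sample input is constructed from lines quoted in the thread, and the redundancy check is deliberately limited to wildcard-facility selectors.

```shell
#!/bin/sh
# Added example (not from the thread): lint syslog.conf for spaces and
# for wildcard selectors that repeat what an earlier line already covers.
lint_syslog_conf() {
    awk '
    BEGIN {
        # Severity names, most severe first; a selector matches its level and higher.
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) sev[name[i]] = i - 1
    }
    /^[ \t]*#/ { next }     # comment line
    /^[ \t]*$/ { next }     # blank line
    {
        if (index($0, " "))   { printf("line %d: space found, use tabs only\n", NR) }
        if (!index($0, "\t")) { printf("line %d: no tab between selector and action\n", NR) }
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        nf = split($0, f, /[ \t]+/)
        if (nf < 2) next
        act = f[nf]
        ns = split(f[1], s, ";")
        for (i = 1; i <= ns; i++) {
            if (s[i] !~ /^\*\.[a-z]+$/) continue      # only wildcard-facility selectors
            lvl = substr(s[i], 3)
            if (!(lvl in sev)) continue               # skips "none" and unknown names
            if ((act in lowest) && sev[lvl] <= lowest[act]) {
                printf("line %d: %s to %s is redundant, line %d already sends *.%s and higher\n", NR, s[i], act, first[act], lname[act])
            } else {
                lowest[act] = sev[lvl]; first[act] = NR; lname[act] = lvl
            }
        }
    }' "$@"
}

# Constructed sample: two forwarding lines from the thread typed with spaces,
# followed by one correctly tab-separated line.
sample_conf() {
    printf '%s\n' '# forwarding rules' \
        '*.info;mail.none;auth.notice @10.83.97.30' \
        '*.notice @10.83.97.30'
    printf 'auth.info\t/var/adm/syslog/auth.log\n'
}

sample_conf | lint_syslog_conf
```

Run it against the real file with `lint_syslog_conf /etc/syslog.conf`; no output means neither problem was found.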