Operating System - HP-UX
1748117 Members
3662 Online
108758 Solutions
New Discussion юеВ

Re: syslog -- centralised log server

 
ManojK_1
Valued Contributor

syslog -- centralised log server

Hi,

Centralised log server has been created in our environment for all Linux and HP Unix Servers in our environment.

It is working fine for all the linux systems except HP Unix servers. I have given follwoing entries in /etc/syslog.conf
*.info;mail.none @192.1.10.18

where 192.1.10.18 is centralised log server IP.

Centralised log server and the other systems are in different network subnet.

For testing i have created an another HP Unix server as centralised log server in the same subnet of other HP Unix servers. Then it is working fine. Problem is with different subnet which is separated by firewall. Firewall team is saying they were not receiving any request in firewall log.

What will be the cause of the issue?

Manoj K



Thanks and Regards,
Manoj K
3 REPLIES 3
Laurent Menase
Honored Contributor

Re: syslog -- centralised log server

Does a ping to the 192.1.10.18 works?
Do you have multiple gateways?
Does your system have multiple interfaces in the same subnet?
netstat -ni
netstat -nrv

probably you can try a nettl trace at link layer ( with option -m 100 to limit the size)
then try a ping , and something which produce syslog output,

Re: syslog -- centralised log server

Have you checked the syntax of your syslog.conf file - made sure it doesn't contain any spaces, just tabs?

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Matti_Kurkela
Honored Contributor

Re: syslog -- centralised log server

Can your HP-UX systems communicate with anything else outside their own subnet?

If they can't (or you haven't had a reason to test until now), you should be aware of the Dead Gateway Detection system of HP-UX.

By default, HP-UX expects that a gateway should answer to pings. If it doesn't, HP-UX thinks the gateway has died and stops trying to use it.

Sometimes, network administrators configure their gateways to not answer to pings - this is rather common when the gateway is also the firewall.

Please run:
# ndd -get /dev/ip ip_ire_gw_probe

If it responds "1", then the Dead Gateway Detection is enabled.

To disable it, run:
ndd -set /dev/ip ip_ire_gw_probe 0

(If the Dead Gateway Detection has already disabled your access to the default gateway, you would have to delete and re-add the gateway route entry to "refresh" it.)

If this fixes your problem, add this to your /etc/rc.config.d/nddconf file to make it persistent:
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0

(Note: if you have other settings in your nddconf file, remember to adjust the number inside the [brackets] so it does not overlap with the numbers of the other settings.)

MK
MK