directing syslog to remote server
03-11-2008 02:32 PM
Before I jump into this, let me start by saying that I did read the two threads associated with the subject that I need help with. Neither seems to solve my issue.
I am at my wit's end, I need some help!
ISSUE:
I have two HPUX boxes, both RP5470.
db1 - HP-UX B.11.11 U 9000/800 1142474610 unlimited-user license
ap1 - HP-UX B.11.11 U 9000/800 1158474670 unlimited-user license
I installed the ap1 box from scratch just about 2 weeks ago.
db1: what /usr/sbin/syslogd
/usr/sbin/syslogd:
syslogd.c $Date: 2005/03/14 02:08:44 $Revision: r11.11/15 PATCH_11.11 (PHCO_32793)
$Revision: @(#) syslogd R11.11_BL2005_0630_3 PATCH_11.11 PHCO_32793
Copyright (c) 1983 Regents of the University of California.
ap1: what /usr/sbin/syslogd
/usr/sbin/syslogd:
syslogd.c $Date: 2005/03/14 02:08:44 $Revision: r11.11/15 PATCH_11.11 (PHCO_32793)
$Revision: @(#) syslogd R11.11_BL2005_0630_3 PATCH_11.11 PHCO_32793
Copyright (c) 1983 Regents of the University of California.
My syslog.conf file on db1 has the following:
*.notice @10.50.80.8
mail.debug /var/adm/syslog/mail.log
*.alert root
*.info;mail.none /var/adm/syslog/syslog.log
syslog.conf file on ap1 has the following:
mail.debug /var/adm/syslog/mail.log
*.alert root
*.debug @10.50.80.8
*.info @10.50.80.8
*.notice @10.50.80.8
*.warning @10.50.80.8
*.err @10.50.80.8
*.crit @10.50.80.8
*.alert @10.50.80.8
*.emerg @10.50.80.8
*.info;mail.none /var/adm/syslog/syslog.log
The problem is, no matter what I do, I cannot get db1 to log to the IP address mentioned.
ap1 is able to log to the loghost.
/etc/hosts on both servers has the IP address and hostname of the syslog server.
What could be wrong with db1 and how do I get it to log messages to remote server?
As a side note, on db1 I had to escape the @ sign in vi (\@) before it showed up correctly.
I have used logger on both systems.
eg: logger "test SOS"
shows up on syslog.log on both systems, but only ap1 is able to log it to the remote server.
Any suggestions? pointers?
Thanks
03-11-2008 04:32 PM
Solution
> As a side note, on db1 I had to escape the @ sign in vi (\@) before it showed up correctly.
This is a big problem with db1. It has nothing to do with syslog.conf. It sounds like your stty settings are missing from your /etc/profile (big assumption: you are using a standard POSIX shell such as /usr/bin/ksh). You can verify your terminal settings with:
stty
...
erase = #; kill = @;
...
These two settings are the (completely useless) defaults. ALWAYS override the defaults (leftover from the days of Teletype paper terminals) with these two lines:
stty erase "^H" kill "^U" intr "^C" eof "^D" -parity ixoff
stty susp \^Z dsusp \^Y
That will fix a multitude of problems with your terminal connections.
> My syslog.conf file on db1 has the following:
> *.notice @10.50.80.8
> mail.debug /var/adm/syslog/mail.log
> *.alert root
> *.info;mail.none /var/adm/syslog/syslog.log
syslogd processes each line of syslog.conf independent of any other line. So the first line sends all messages from any source starting at NOTICE level and all higher levels (ignores DEBUG and INFO messages) to the IP address listed. And the second line will send every mail message to the mail.log file. The third line sends ALERT and higher to any terminal with root logged in. The last line sends all messages INFO and higher -- except mail -- to syslog.log.
The next syslog.conf should be completely replaced:
> syslog.conf file on ap1 has the following:
> mail.debug /var/adm/syslog/mail.log
> *.alert root
> *.debug @10.50.80.8
> *.info @10.50.80.8
> ... ... ...
> *.alert @10.50.80.8
> *.emerg @10.50.80.8
> *.info;mail.none /var/adm/syslog/syslog.log
Each line is processed separately so you will get many, many duplicate messages for WARNING, ERR, CRIT, and so on. Only one line is needed for all messages from this server to the remote logger:
*.debug @10.50.80.8
The entire file would simplify to:
*.alert root
*.debug @10.50.80.8
*.info;mail.none /var/adm/syslog/syslog.log
Now the reason this doesn't work is usually due to a very non-intuitive formatting requirement: NO SPACES ALLOWED. This file must have TABS between elements as in: *.alert<tab>root
The man page is really sparse: "The action field is separated from the selector by one or more tabs." What it means is that (without *any* error messages) each line with spaces is silently ignored. Take out all spaces and replace them with tabs.
Now there is also the possibility that if the two systems are separated by firewalls (or an overly aggressive network administrator that won't forward syslog messages) then the messages are being blocked (also silently).
Bill Hassell, sysadmin
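An added example (not part of the reply above): a POSIX sh/awk lint for the two syslog.conf problems the reply describes, a selector separated from its action by spaces and several lines that forward overlapping levels to the same destination. The function names, finding codes and sample file are constructed for illustration, and overlap is only checked for simple `facility.level` selectors.

```shell
# Added example, not from the thread. Prints findings as "<line>:<CODE>:<text>".
lint_syslog_conf() {
    awk '
    BEGIN {
        # A selector at a given level also matches every higher level.
        n = split("debug info notice warning err crit alert emerg", lv, " ")
        for (i = 1; i <= n; i++) rank[lv[i]] = i
    }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        # The first whitespace run separates selector and action: tabs only.
        if (match($0, /[ \t]+/) == 0) { print NR ":NO_ACTION:" $0; next }
        sep = substr($0, RSTART, RLENGTH)
        sel = substr($0, 1, RSTART - 1)
        act = substr($0, RSTART + RLENGTH)
        if (index(sep, " ") > 0) { print NR ":SPACE_SEPARATOR:" $0; next }
        # Overlap is only evaluated for simple "facility.level" selectors.
        dot = index(sel, ".")
        lvl = substr(sel, dot + 1)
        if (sel ~ /[;,]/ || dot == 0 || !(lvl in rank)) next
        key = substr(sel, 1, dot - 1) SUBSEP act
        cnt++; ekey[cnt] = key; erank[cnt] = rank[lvl]; eline[cnt] = NR; etext[cnt] = $0
        if (!(key in best) || rank[lvl] < best[key]) best[key] = rank[lvl]
    }
    END {
        # Keep the most inclusive line per facility and action; report the rest.
        for (i = 1; i <= cnt; i++) {
            k = ekey[i]
            if (erank[i] == best[k] && !(k in kept)) { kept[k] = 1; continue }
            print eline[i] ":DUPLICATE:" etext[i]
        }
    }' "$1"
}

# Constructed sample: line 2 is space-separated, lines 4-5 repeat line 3.
write_sample_conf() {
    {
        printf 'mail.debug\t/var/adm/syslog/mail.log\n'
        printf '*.alert root\n'
        printf '*.debug\t@10.50.80.8\n'
        printf '*.info\t@10.50.80.8\n'
        printf '*.notice\t\t@10.50.80.8\n'
        printf '*.info;mail.none\t/var/adm/syslog/syslog.log\n'
    } > "$1"
}

sample=${TMPDIR:-/tmp}/syslog.conf.sample.$$
write_sample_conf "$sample" && lint_syslog_conf "$sample"
rm -f "$sample"
```

Call `lint_syslog_conf /etc/syslog.conf` on a real host; a clean file produces no output.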
03-12-2008 06:55 AM
Re: directing syslog to remote server
Thanks for all the excellent pointers!
I did make sure that only <tab> were used in the syslog.conf file.
On ap1, thanks for the pointer about eliminating all the lines by just having
*.debug<tab>@10.50.80.8
On db1, I was using *.notice<tab>@10.50.80.8
so logger would log something to the server, if at all syslogging to remote server was working.
But still haven't had any success with the syslog on DB1.
>>stty erase "^H" kill "^U" intr "^C" eof "^D" -parity ixoff
>>stty susp \^Z dsusp \^Y
This has proved invaluable. Thanks for this information.
>>Now there is also the possibility that if the two systems are separated by firewalls (or an overly aggressive network administrator that won't forward syslog messages) then the messages are being blocked (also silently).
Unfortunately, there is no firewall in between, or individually on, these servers and the syslog server. So no luck there.
If nothing, I will write a script to grep for crit/emerg and email it to myself.... but this introduces a lot of extra work (get only the change from syslog.log every 5 minutes?)
Thanks
03-12-2008 06:59 PM
Re: directing syslog to remote server
> But still haven't had any success with the syslog on DB1.
I am assuming that the syslog server is not ap1 but a 3rd computer. Start with this 3rd computer and make sure nslookup works for both the hostname (db1) and also the IP address. If that does not work, fix that computer's resolver (hosts file or DNS). Also check if the 3rd computer only allows certain IP addresses to log messages. This can also be verified with Wireshark on your PC. Wireshark is a network traffic capture tool. Connect it to db1 with a hub (not a switch) so it can see all db1 traffic.
Bill Hassell, sysadmin