HPE Community
Operating System - HP-UX
1770963 Members
2722 Online
109003 Solutions
New Discussion юеВ

HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress

 
Balu_dxc
Occasional Visitor

тАО04-10-2023 04:49 AM - last edited on тАО04-12-2023 02:09 AM by

тАО04-10-2023 04:49 AM - last edited on тАО04-12-2023 02:09 AM by

HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress

HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress.

HP UX 11.31

Please helps us how to fix this

0 Kudos
Reply
3 REPLIES 3
Vinky_99
Esteemed Contributor

тАО04-12-2023 12:17 AM

тАО04-12-2023 12:17 AM

Re: HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress

@Balu_dxc 

 

To fix this issue, you can try the following steps:

  1. Check if the syslog configuration file (/etc/syslog.conf) on the HP-UX server includes the hostname in the log entry. You can add the following line to the configuration file:

 

*.info;mail.none;auth.notice       @logstash.example.com

 

Replace logstash.example.com with the hostname or IP address of your logstash server.

  1. Restart the syslog service on the HP-UX server to apply the changes: 

 

# /sbin/init.d/syslogd stop
# /sbin/init.d/syslogd start
тАЛ

 

 3. If the hostname is still not being included in the log entries, you can try adding the following parameter to the syslogd startup script (/sbin/init.d/syslogd) on the HP-UX server: 

 

SYSLOGD_FLAGS="-h"

 

This will tell syslogd to include the hostname in the log entries. Make sure to restart the syslogd service after making this change.

  1. If the issue still persists, you can try configuring logstash to use the source IP address of the HP-UX server as the hostname for the log entries. To do this, add the following line to your logstash configuration file:

 

filter {
  if [host] =~ /^10\.0\.0\./ {   # Replace with the IP address range of your HP-UX servers
    mutate {
      replace => { "host" => "%{source}" }
    }
  }
}
тАЛ

This will replace the hostname in the log entries with the source IP address of the HP-UX server.

 

 

I hope this will help you. Let me know... 

These are my opinions so use it at your own risk.
0 Kudos
Reply
Balu_dxc
Occasional Visitor

тАО04-13-2023 09:00 AM

тАО04-13-2023 09:00 AM

Re: HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress

Hi Vinky,

Thanks for your response.

We did try in /etc/syslog.conf and /sbin/init.d/syslogd options. However, persisting the same issue.

In Syslog header the source and destination ip's are reflecting. However in payload it is missing. Please refer the below sample message. and help us

xx:xx:xx.xxxxxx IP 15.x.x.x.49152 > 15.x.x.x.syslog: SYSLOG auth.info, length: 89
E..u.B@.<.^G......<T.....a8.<38>Mar XX 18:07:41 sshd[xxxxx]: rexec line 78: Deprecated option

 

 

0 Kudos
Reply
shiva_jr
HPE Pro

тАО04-13-2023 08:25 PM

тАО04-13-2023 08:25 PM

Re: HP Unix is forwarding the syslog towards the logstash without Hostname/Hostaddress

Hi Balu_DXC,
I am not sure about the steps but you can just try.
1. logstash will work using the TCP port 5140. You can disable the port in HP-UX system.
2. Navigate to /etc/rsyslog.d/50-default.conf and comment the line *.* @@127.0.0.1:10514

Regards,
Shiva_JR

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.