Alexandru Grigore
Occasional Contributor

HP-UX Log Forwarding

Hi all,

I'm running hp-ux v.B.11.11.
Is there any possibility to forward the syslog to a windows system?

I need this for SOX compliance - "Intrust" from Quest has been purchased and we're to forward the logs to that win system hosting the Intrust application.

Could this be configured on HP-UX ?
Are there any docs /"log forwarding for dummies" on how to do it ?

I've read this, tried to configure accordingly but to no further result...
http://docs.hp.com/en/T2786-90090/ch03s03.html#chdgjaai


Thank you,
Alex.
4 REPLIES
AwadheshPandey
Honored Contributor

Re: HP-UX Log Forwarding

Maybe this link will help you:
http://docs.hp.com/en/5992-2331/ch06s03.html
It's kind of fun to do the impossible
Matti_Kurkela
Honored Contributor
Solution

Re: HP-UX Log Forwarding

HP-UX can certainly forward the log messages, but the Windows OS has no facility for receiving syslog-style log messages by default.

(The syslog message forwarding uses UDP port 514. It's a very simple protocol.)

I'm not familiar with Quest Intrust, but a quick Googling (using the words "quest intrust syslog") reveals that Intrust seems to have some sort of syslog functionality. Apparently newer versions of Intrust may have it built-in, but for older versions you may need to install an additional plugin named "Intrust for Syslog".

Of course, you'll need to configure Intrust to receive syslog messages, and you'll need to configure any firewalls in between the HP-UX and the Windows machine to allow UDP packets from HP-UX to port 514 of the Windows machine.

The instructions in
http://docs.hp.com/en/T2786-90090/ch03s03.html#chdgjaai
are assuming that an optional, enhanced version of syslog daemon (called syslog-ng) is used to receive the forwarded logs on an HP-UX system. Syslog-ng is very different from standard syslog: the enhanced version has a lot more functionality and a different configuration syntax.

To forward *everything* using HP-UX's standard syslog, you'll need to write something like this to /etc/syslog.conf on HP-UX:

*.*<TAB>@<hostname>

Note: replace <hostname> with the FQDN or the IP address of the Windows system running Intrust, and the <TAB>s with actual tab characters. You can use one or more tabs, but it's important there's at least one TAB character. Using spaces instead of tabs will make the configuration line ineffective.

After editing the /etc/syslog.conf file, find the PID of the syslogd process and send a "kill -HUP" signal to that process. This causes syslogd to re-read its configuration file and will make the changes effective.
After doing this, run "tail -10 /var/adm/syslog/syslog.log": you should see a log message indicating that syslog configuration was changed. If there was an error in the syslog configuration file, the error message should be in the syslog.log too.

Note that syslog uses UDP protocol, so you cannot use telnet to verify that the connection from HP-UX to the windows host can be established.
You can use the "logger" command on HP-UX to test log forwarding. You can specify the log facility (the "class" of the message), the severity level and the actual message text.

Remember that UDP packets can sometimes be lost in the network. There is no system for acknowledging that a forwarded log message was actually received: syslog forwarding works on a "fire-and-forget" principle.

MK
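Added example, not part of the post above or of HP's documentation: a small shell check for the tab-versus-space mistake described in the answer, plus the reload and test steps wrapped in a function. The function names and the host `loghost.example` are hypothetical, and the check applies the answer's rule that a forwarding line needs at least one TAB between selector and action.

```shell
#!/bin/sh
# Added example. Function names and loghost.example are hypothetical.

# Report forwarding lines (action starts with @) that have no TAB between
# selector and action. Returns non-zero if any such line is found.
check_forward_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /@/ {
            sep = $0
            sub(/^[^ \t@]+/, "", sep)       # drop the selector (e.g. *.*)
            sub(/@.*$/, "", sep)            # drop the action, keep the separator
            if (index(sep, "\t") == 0) {
                printf "line %d: no TAB before @host: %s\n", NR, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Reload syslogd and send a test message (run as root on the HP-UX host).
reload_and_test() {
    pid=$(ps -e | awk '$NF == "syslogd" { print $1 }')
    [ -n "$pid" ] || { echo "syslogd is not running" >&2; return 1; }
    kill -HUP $pid
    logger -p user.notice "syslog forwarding test from $(hostname)"
    tail -10 /var/adm/syslog/syslog.log
}

# Constructed sample: line 2 uses a TAB, line 3 uses spaces and is reported.
sample="${TMPDIR:-/tmp}/syslog.conf.sample.$$"
printf '# constructed sample\n*.*\t@loghost.example\n*.*    @loghost.example\n' > "$sample"
check_forward_lines "$sample" || echo "fix the lines above before reloading syslogd"
rm -f "$sample"
```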
Alexandru Grigore
Occasional Contributor

Re: HP-UX Log Forwarding

Thank you Matti for your detailed answer, and thank you Awadhesh for the link.

I'll let you know of the result as soon as I have any results.

Thanks again,
Alex.
Tim Nelson
Honored Contributor

Re: HP-UX Log Forwarding

Kiwi Syslogger works great to collect syslog entries

www.kiwisyslog.com

Runs on M$ can collect from any platform using syslogd