HPE Community
Operating System - HP-UX
1822144 Members
3289 Online
109640 Solutions
New Discussion юеВ

Logging syslog messages to a remote server

 
Paul F. Bennett
Advisor

тАО01-22-2008 08:39 AM

тАО01-22-2008 08:39 AM

Logging syslog messages to a remote server

I have attempted to configure multiple systems to send syslog message to a remote syslog collector/server but its not working, the logs never reach the server. There are several other previously configured systems that are sending logs fine.

I have added the line: '*.debug @' to /etc/syslog.conf

I had added the entry '/usr/lbin/ftpd -d -l' to the ftp line in /etc/inetd.conf

I have run inetd -c to re-read the syslog.conf file

I have run inetd -l to enable logging as well as checked syslog to verify it is enabled.

I have stopped & restarted syslog daemon with S220syslogd stop/start

I can ftp to the syslog server... well at least to get a login prompt

The syslog server is configure to accept any IP, plus several AIX systems have been configured with no problems, since.

lsof output:
lsof | grep syslog# syslogd 11203 root 13u IPv6 0xe000000143df8ac0 0t0 UDP *:55176 (Idle)

The system(s) 'appears' to be configured exactly like the systems that are working.

Any thought? :-(
0 Kudos
Reply
9 REPLIES 9
Tim Nelson
Honored Contributor

тАО01-22-2008 08:46 AM

тАО01-22-2008 08:46 AM

Re: Logging syslog messages to a remote server

adding a line like

*.info;mail.none @mylogserver.here.com

to /etc/syslog.conf

then sending SIGHUP ( kill -1 syslogd_pid )

Should do it.



0 Kudos
Reply
Mridul Shrivastava
Honored Contributor

тАО01-22-2008 08:50 AM

тАО01-22-2008 08:50 AM

Re: Logging syslog messages to a remote server

Add loghost entry in the /etc/hosts file

like

10.10.10.1 system1
10.10.10.2 system2 loghost

System1 is your machine and system2 is the machine you want to send log.

in /etc/syslog.conf add

*.info;mail.none @loghost

restart syslog daemon. Log should be going to the second server.
Time has a wonderful way of weeding out the trivial
0 Kudos
Reply
Paul F. Bennett
Advisor

тАО01-22-2008 09:50 AM

тАО01-22-2008 09:50 AM

Re: Logging syslog messages to a remote server

The '*.info;mail.none' line was already in the inetd.conf file, it points to syslogs.log.

I also added the IP's of the system and the server to the ./etc/hosts file.

Unfortunately, its still not sending logs :-(
0 Kudos
Reply
Paul F. Bennett
Advisor

тАО01-22-2008 10:00 AM

тАО01-22-2008 10:00 AM

Re: Logging syslog messages to a remote server

Oh yeah, and I restarted syslogd with:

# ./S220syslogd stop
# ./S220syslogd start
0 Kudos
Reply
Mridul Shrivastava
Honored Contributor

тАО01-22-2008 10:14 AM

тАО01-22-2008 10:14 AM

Re: Logging syslog messages to a remote server

That entry is to write to syslog.log on the system, you need to add one more entry for the remote server if you want syslog to be updated on both places.
Time has a wonderful way of weeding out the trivial
0 Kudos
Reply
Paul F. Bennett
Advisor

тАО01-22-2008 10:19 AM

тАО01-22-2008 10:19 AM

Re: Logging syslog messages to a remote server

Here is my syslog.conf file, minus the exact IP addresses:
-------------------------------------------
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.debug @10.xx3.74.xx0
*.debug @10.xx3.74.xx1

-------------------------------------------



0 Kudos
Reply
TwoProc
Honored Contributor

тАО01-22-2008 10:33 AM

тАО01-22-2008 10:33 AM

Re: Logging syslog messages to a remote server

Add this line to the bottom of syslog.conf:

*.info;mail.none @10.xx3.74.xx1

( yes, it can be in there twice and not affect the line before)...

Then restart the syslog server (as before in other post).

And then issue the command:

$> logger "This is a test for syslog redirect"


You should see the "This is ..." on the other server. Have you tried using the "logger" command to write to both log files?

We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
Paul F. Bennett
Advisor

тАО01-22-2008 11:15 AM

тАО01-22-2008 11:15 AM

Re: Logging syslog messages to a remote server

Still nothing :-( The syslog server is actually a RSA log colllection tool, I'm going to talked with the admins of that tool because I think the HP-UX end is configured correctly, thanks!
0 Kudos
Reply
TwoProc
Honored Contributor

тАО01-22-2008 12:16 PM

тАО01-22-2008 12:16 PM

Re: Logging syslog messages to a remote server

I didn't check up on this well enough before my last posting. According to the man page, the logger command sends at the "user.notice" level, not on *.info - so, just try this one more thing, and if it doesn't work, then you need to talk to your buddies for the other server.

So, add this to you syslog.conf file:

*.notice @10.xx3.74.xx1

Then try the logger command as suggested before.
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.