HPE Community
Operating System - HP-UX
1833695 Members
3653 Online
110062 Solutions
New Discussion

Remote syslog from HP-UX to Linux Server

 
SOLVED
Go to solution
MattJ123
Frequent Advisor

‎10-20-2004 07:14 AM

‎10-20-2004 07:14 AM

Remote syslog from HP-UX to Linux Server

I'm attempting to setup remote syslog for certain log files originating on an HP-UX 11 server and the remote site is a Redhat Linux server.

On the linux server, I have enabled the -r flag:
SYSLOGD_OPTIONS="-m 0 -r"
and netstat -ln:
udp 0 0 0.0.0.0:514 0.0.0.0:*
confirms that the Redhat server is in fact, listening for syslog.

On the HP-UX side:
/etc/syslog.conf
mail.* @xxx.xxx.xxx.xxx
and the /sbin/init.d/syslog stop/start has been done.

The linux server isn't receiving remote syslog, Why?
0 Kudos
15 REPLIES 15
Steven E. Protter
Exalted Contributor

‎10-20-2004 07:19 AM

‎10-20-2004 07:19 AM

Re: Remote syslog from HP-UX to Linux Server

It appears that you are trying to send this log to an nfs export share on the Linux System.

Make sure all options, including squash are set correctly on the Linux NFS export. If not, root won't get appropriate permissions to write the file. Its possible to block NFS access by hostname or ip address, so I suggest a careful look at the /etc/exports file.

If there are problems exportfs -av to re-export the filesystems.

Most Linux boxes have a default iptables or ipchains firewall that blocks port 514 and other NFS ports.

check the /etc/sysconfig/iptables or ipchains file and see that apprioriate ports are open.

Failed write attempts should show up in the /var/log/message file on the Linux box, unless the firewall is blocking.

service iptables stop

resetart syslog on the HP box to test if the firewall is causing trouble.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 07:22 AM

‎10-20-2004 07:22 AM

Re: Remote syslog from HP-UX to Linux Server

NFS is not running on either site. I believe that syslogd can receive messages through udp, much as it does locally.

http://www.cse.msu.edu/~westrant/symlink/pages/HoneynetDocs/remote-syslog.htm as the site that gave me the idea.
0 Kudos
Sanjay_6
Honored Contributor

‎10-20-2004 07:24 AM

‎10-20-2004 07:24 AM

Re: Remote syslog from HP-UX to Linux Server

Hi,

On your linux server check the location of mail.* in the /etc/syslog.conf. Is it logging the mail log to syslog or some mail log file.

Hope this helps.

regds
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 07:29 AM

‎10-20-2004 07:29 AM

Re: Remote syslog from HP-UX to Linux Server

I've tried doing a *.* @xxx.xxx.xxx.xxx and am still not receiving anything on the linux site. I then attempted a
mailx -s "test" email@domain.com <This is a test message
EOF

and in the HP server it appears in the mail.log, nothing on the linux server
0 Kudos
Sundar_7
Honored Contributor

‎10-20-2004 07:49 AM

‎10-20-2004 07:49 AM

Re: Remote syslog from HP-UX to Linux Server

Matthew,

Couple of things

1) /etc/syslog.conf is little sensitive about the spacing.

mail.* @xxx.xxx.xxx.xxx

2) You need to send a HUP signal to the syslogd in the HP-UX server.

# kill -1 `cat /var/run/syslogd.pid`

Test the communication using the logger command

logger -t mail.notice "Test from HP-UX"

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 07:56 AM

‎10-20-2004 07:56 AM

Re: Remote syslog from HP-UX to Linux Server

Currently, the line in the /etc/syslog.conf on HP-UX looks like:
*.* @

the whitespace is 1 tab exactly

I ran the logger command you mentioned:
in /var/log on the linux site:
grep -lR "HP-UX" *

found nothing
0 Kudos
Sundar_7
Honored Contributor

‎10-20-2004 08:05 AM

‎10-20-2004 08:05 AM

Re: Remote syslog from HP-UX to Linux Server

/etc/syslog.conf
*.* @

I dont see the Linux server name in there.

*.* @linux-server

did you send the HUP signal to syslogd in HP-UX ?

I would not recommend *.* to a different server, because the syslogd at the receiving end has no means of idenifying syslog messages from HP-UX, so the messages from both LINUX and HP-UX will mingle in the same log files, which I dont think you would prefer.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 08:07 AM

‎10-20-2004 08:07 AM

Re: Remote syslog from HP-UX to Linux Server

my apologies, my response was imcomplete.
*.* @ip.address

for testing purposes I want to do *.* until I see something, then I will tweak from that point.

kill -1 has been run again the syslogd
0 Kudos
Zinky
Honored Contributor

‎10-20-2004 08:17 AM

‎10-20-2004 08:17 AM

Re: Remote syslog from HP-UX to Linux Server

On your Linux SYSLOG Server's syslog.conf, have this:

# Output to console
*.err;mail,kern.notice;daemon,auth.debug;user.info /dev/console

# Output to local file "messages" for local analysis
*.err;auth,daemon,mark,kern.debug;auth,mail,user.notice /var/adm/messages


On your SYSLOG "Clients", have this in addition to your customisations:

# Forward to loghost MEDUSA on Lunar Sector 123
auth.info;mark.debug;*.debug @medusa.sec23.moon.com

HUP your syslogd processes and you should be all set for centralised logging.


And adjust accordingly..

HTH..
Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 08:29 AM

‎10-20-2004 08:29 AM

Re: Remote syslog from HP-UX to Linux Server

># Output to console
>*.err;mail,kern.notice;daemon,auth.debug;user.info /dev/console
># Output to local file "messages" for local analysis
>*.err;auth,daemon,mark,kern.debug;auth,mail,user.notice /var/adm/messages
did both entries to the config and restarted daemon

as stated earlier i have *.* @xxx.xxx.xx.xxx
and its been hupped.

would you believe I'm still not getting log entries on the linux site?

i even tried *.* @xxx.xxx.xx.xxx:514
0 Kudos
Zinky
Honored Contributor

‎10-20-2004 08:33 AM

‎10-20-2004 08:33 AM

Re: Remote syslog from HP-UX to Linux Server

That is strange.

Have you inquired from some Linux sites as well?
Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler
0 Kudos
MattJ123
Frequent Advisor

‎10-20-2004 08:39 AM

‎10-20-2004 08:39 AM

Re: Remote syslog from HP-UX to Linux Server

yes, i have tried from linux hosts as well with no luck.

same options in the remote sites syslog.conf:
*.* @xxx.xxx.xxx.xxx

/etc/init.d/syslog restart

on the syslog server
ls /var/adm/log
messages 0 bytes

the file was created, but nothing is being written to it.
0 Kudos
Zinky
Honored Contributor

‎10-20-2004 08:40 AM

‎10-20-2004 08:40 AM

Re: Remote syslog from HP-UX to Linux Server

Matthew,

The problem I think is with the client, I just did on my HP-UX boxen (syslog server is another HP-UX boxen). There should be a TAB separator between the notifications and the @SYSLOGHOST:

# Forward to loghost MEDUSA on Lunar Sector 123
auth.info;mark.debug;*.debug @medusa.sec23.moon.com


I could not earlier make it to work if the spearator were spaces...

HTH.
Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler
0 Kudos
Ermin Borovac
Honored Contributor

‎10-20-2004 01:47 PM

‎10-20-2004 01:47 PM

Solution

Re: Remote syslog from HP-UX to Linux Server

I think your problem lies in the fact that on HP-UX you can't use asterisk for selecting all levels (i.e. facility.level). You can use asterisk to select all facilities though.

mail.* /* DOESN'T WORK */
*.debug /* SHOULD WORK */

You can run syslogd on HP-UX with debugging enabled (-d) and it should print error messages about lines in syslog.conf that it rejected.

Specifying particular level (e.g. debug) will select that level and all higher severity levels, so if you specify mail.debug in syslog.conf it will effectively select all levels (debug, info, notice, warning, err, crit, alert, emerg).

0 Kudos
MattJ123
Frequent Advisor

‎10-21-2004 01:31 AM

‎10-21-2004 01:31 AM

Re: Remote syslog from HP-UX to Linux Server

On Linux site:
/etc/sysconfig/syslog{
SYSLOGD_OPTIONS="-m 0 -r"
}
/etc/syslog.conf{
*.* /var/adm/messages
}

kill -1 PID for syslog

On HP-UX Site:
/etc/syslog.conf{
*.debug @xxx.xxx.xxx.xxx
}

kill -1 PID for syslog
logger -t mail.notice "Test from HP-UX"

Checked the Linux site, and the logs are appearing now. Thanks for the help everybody!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.