- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Remote syslog
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2010 07:58 AM
тАО01-20-2010 07:58 AM
Remote syslog
i have a syslog-ng server on Debian Lenny. Some other servers on debian already sent there logs to the syslog server.
Now, i need to sent logs from my HP11.11 to the syslog server.
this is my configuration on hpuux server /etc/syslog.conf :
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.* @syslog.entreprise.fr
ping to syslog.entreprise.fr works from HPUX (i also tried with an ip).
My syslog-ng configuration :
source S_DNS {
tcp(ip("0.0.0.0") port(997)) ;
udp(ip("0.0.0.0") port(514)) ;
};
destination D_DNS_log {
file ("/LOG/$DAY.out" perm(0644));
};
log {
source(S_DNS);
destination(D_DNS_log);
};
I test on HP-UX with the command "logger -i -t logtest -- "my test". I get nothing on my syslog-ng server. This command works fine with other server on debian.
The process syslogd run :
hpux1st->ps -ef |grep syslog
root 27237 1 0 16:27:19 ? 0:00 /usr/sbin/syslogd -D
Any idea ? thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2010 08:39 AM
тАО01-20-2010 08:39 AM
Re: Remote syslog
On the Linux server:
iptables -L
Make sure port 514 is open.
Have you taken into account that the syslog file in HP-UX is /var/adm/syslog/syslog.log
The log might not land in the expected location on the Linux server.
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1211962
The above thread might contain further information and insights.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2010 11:26 AM
тАО01-20-2010 11:26 AM
Re: Remote syslog
All syslog.conf entries must have at least one TAB character between the selector ("*.*" here) and the destination ("@syslog.entreprise.fr").
A very common mistake is to use space characters instead of TABs.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2010 06:07 PM
тАО01-20-2010 06:07 PM
Re: Remote syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2010 01:44 AM
тАО01-21-2010 01:44 AM
Re: Remote syslog
It's test server that's why my iptable is empty :
deb2nd:/LOG# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
There is no firewall between servers.
This is my /var/adm/syslog/syslog.log after a ssh login and a test with logger :
Jan 21 09:54:11 hpux1st sshd[14344]: error: PAM: Authentication failed for root from xxx.xxx.xxx.xxx
Jan 21 09:54:12 hpux1st sshd[14344]: Accepted keyboard-interactive/pam for root from xxx.xxx.xxx.xxx port 1337 ssh2
Jan 21 08:54:25 hpux1st cimserverd[1570]: cimserver[1116] not running, attempting restart
Jan 21 08:54:25 hpux1st cimserver[14371]: starting
Jan 21 08:54:25 hpux1st cimserver[14374]: failed to exec /opt/wbem/lbin/cimservermain
Jan 21 08:54:25 hpux1st cimserver[14374]: exited with status of 1
Jan 21 08:54:25 hpux1st cimserver[14373]: exited normally
Jan 21 09:54:35 hpux1st logtest[14377]: my test
I had a space instead of a TAB.I replace space by TAB and i restart syslogd. But it doesn't works anyway...
Now, since i modify my syslog.conf to put TAB, i have nothing in /var/adm/syslog/syslog.log (syslogd run..)
That's why i do this :
rm /etc/syslog.conf
echo "mail.debug\t/var/adm/syslog/mail.log" >/etc/syslog.conf
echo "*.info;mail.none\t/var/adm/syslog/syslog.log" >>/etc/syslog.conf
echo "*.alert\t/dev/console" >>/etc/syslog.conf
echo "*.alert\troot" >>/etc/syslog.conf
echo "*.emerg\t*" >>/etc/syslog.conf
echo "*.*\t@syslog.entreprise.fr" >>/etc/syslog.conf
cat /etc/syslog.conf
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
logger -i -t logtest -- "my test"
tail -f /var/adm/syslog/syslog.log
And it's works locally ONLY...
Now i have to understand how works nettl to capture outgoing trafic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2010 01:56 AM
тАО01-21-2010 01:56 AM
Re: Remote syslog
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1219056
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2010 01:58 AM
тАО01-21-2010 01:58 AM
Re: Remote syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2010 02:08 AM
тАО01-21-2010 02:08 AM
Re: Remote syslog
source S_DNS {
tcp(ip("0.0.0.0") port(997)) ;
udp(ip("0.0.0.0") port(514)) ;
};
Then i use a perl script to send syslog. But it doesn't works also. I do a capture with nettl et i find that syslog are send in UDP:997 !
Problem solved...
Thank you !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-21-2010 02:13 AM
тАО01-21-2010 02:13 AM
Re: Remote syslog
It's impossible to use a joker * for the type of message. You need use *.info or *.debug but not *.*
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2010 02:12 AM
тАО02-04-2010 02:12 AM