
Remote syslog

 
2xyo
Frequent Advisor

Remote syslog

Dear,

I have a syslog-ng server on Debian Lenny. Some other Debian servers already send their logs to the syslog server.

Now I need to send logs from my HP-UX 11.11 to the syslog server.

This is my configuration on the HP-UX server, /etc/syslog.conf:
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.* @syslog.entreprise.fr

Ping to syslog.entreprise.fr works from HP-UX (I also tried with an IP).

My syslog-ng configuration:

source S_DNS {
tcp(ip("0.0.0.0") port(997)) ;
udp(ip("0.0.0.0") port(514)) ;
};

destination D_DNS_log {
file ("/LOG/$DAY.out" perm(0644));
};

log {
source(S_DNS);
destination(D_DNS_log);
};

I tested on HP-UX with the command: logger -i -t logtest -- "my test". I get nothing on my syslog-ng server. This command works fine with the other servers on Debian.

The syslogd process is running:
hpux1st->ps -ef |grep syslog
root 27237 1 0 16:27:19 ? 0:00 /usr/sbin/syslogd -D

Any idea? Thanks
Steven E. Protter
Exalted Contributor

Re: Remote syslog

Shalom,

On the Linux server:

iptables -L

Make sure port 514 is open.

Have you taken into account that the syslog file in HP-UX is /var/adm/syslog/syslog.log?

The log might not land in the expected location on the Linux server.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1211962

The above thread might contain further information and insights.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matti_Kurkela
Honored Contributor

Re: Remote syslog

> *.* @syslog.entreprise.fr

All syslog.conf entries must have at least one TAB character between the selector ("*.*" here) and the destination ("@syslog.entreprise.fr").

A very common mistake is to use space characters instead of TABs.

MK
Johnson Punniyalingam
Honored Contributor

Re: Remote syslog

>>Matti<< is correct: a common mistake while editing syslog.conf is using the "SPACE KEY" instead of "TAB".
Problems are common to all, but attitude makes the difference
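
A check for the TAB rule described in the two replies above, added here as an example (not code from the thread or from HP): one POSIX shell function flags active syslog.conf lines that lack a TAB between selector and action, and a second lists the @host forwarding targets found on well-formed lines. The function names and the host loghost.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a classic syslogd syslog.conf for the TAB separator rule.
# Function names and the sample host loghost.example are illustrative.

# Print "LINE: problem: text" for each bad rule; return 1 if any were found.
check_syslog_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    index($0, "\t") == 0 {
        printf "%d: no TAB between selector and action: %s\n", NR, $0
        bad++; next
    }
    {
        sel = $0; sub(/\t.*/, "", sel)       # text before the first TAB
        if (sel ~ / /) {
            printf "%d: space inside selector field: %s\n", NR, $0
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Print the remote hosts named by well-formed "selector<TAB>@host" rules.
list_remote_targets() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    index($0, "\t") > 0 {
        act = $0; sub(/^[^\t]*\t+/, "", act) # text after the TAB run
        if (act ~ /^@/) print substr(act, 2)
    }
    ' "$1"
}

# Constructed sample: line 1 is TAB-separated, line 2 uses a space.
sample=$(mktemp)
printf '*.info;mail.none\t/var/adm/syslog/syslog.log\n*.info @loghost.example\n' > "$sample"
check_syslog_conf "$sample" || echo "fix the lines above, then restart syslogd"
list_remote_targets "$sample"                # prints nothing: the rule is malformed
rm -f "$sample"
```

Run against /etc/syslog.conf before restarting syslogd; an empty list from list_remote_targets means no line qualifies as a forwarding rule under the TAB requirement.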
2xyo
Frequent Advisor

Re: Remote syslog

Thanks for your reply

It's a test server, that's why my iptables is empty:
deb2nd:/LOG# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
There is no firewall between servers.

This is my /var/adm/syslog/syslog.log after an SSH login and a test with logger:
Jan 21 09:54:11 hpux1st sshd[14344]: error: PAM: Authentication failed for root from xxx.xxx.xxx.xxx
Jan 21 09:54:12 hpux1st sshd[14344]: Accepted keyboard-interactive/pam for root from xxx.xxx.xxx.xxx port 1337 ssh2
Jan 21 08:54:25 hpux1st cimserverd[1570]: cimserver[1116] not running, attempting restart
Jan 21 08:54:25 hpux1st cimserver[14371]: starting
Jan 21 08:54:25 hpux1st cimserver[14374]: failed to exec /opt/wbem/lbin/cimservermain
Jan 21 08:54:25 hpux1st cimserver[14374]: exited with status of 1
Jan 21 08:54:25 hpux1st cimserver[14373]: exited normally
Jan 21 09:54:35 hpux1st logtest[14377]: my test

I had a space instead of a TAB. I replaced the space with a TAB and restarted syslogd. But it doesn't work anyway...

Now, since I modified my syslog.conf to put in the TAB, I have nothing in /var/adm/syslog/syslog.log (syslogd is running...).
That's why I did this:

rm /etc/syslog.conf
echo "mail.debug\t/var/adm/syslog/mail.log" >/etc/syslog.conf
echo "*.info;mail.none\t/var/adm/syslog/syslog.log" >>/etc/syslog.conf
echo "*.alert\t/dev/console" >>/etc/syslog.conf
echo "*.alert\troot" >>/etc/syslog.conf
echo "*.emerg\t*" >>/etc/syslog.conf
echo "*.*\t@syslog.entreprise.fr" >>/etc/syslog.conf
cat /etc/syslog.conf
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
logger -i -t logtest -- "my test"
tail -f /var/adm/syslog/syslog.log
And it works locally ONLY...

Now I have to understand how nettl works to capture outgoing traffic.
Johnson Punniyalingam
Honored Contributor

Re: Remote syslog

Check the below Thread.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1219056
Problems are common to all, but attitude makes the difference
Johnson Punniyalingam
Honored Contributor

Re: Remote syslog

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1000109
Problems are common to all, but attitude makes the difference
2xyo
Frequent Advisor

Re: Remote syslog

My configuration on the syslog server:
source S_DNS {
tcp(ip("0.0.0.0") port(997)) ;
udp(ip("0.0.0.0") port(514)) ;
};
Then I used a Perl script to send syslog messages, but it didn't work either. I did a capture with nettl and found that the syslog messages are sent on UDP:997!

Problem solved...

Thank you !
2xyo
Frequent Advisor

Re: Remote syslog

Finally, I found:
It's impossible to use a wildcard * for the type of message. You need to use *.info or *.debug, but not *.*
2xyo
Frequent Advisor

Re: Remote syslog

see above