HPE Community
Operating System - HP-UX
1834747 Members
2503 Online
110070 Solutions
New Discussion

sending all syslog events to a syslog server

 
rana786
Regular Advisor

‎02-28-2007 05:51 PM

‎02-28-2007 05:51 PM

sending all syslog events to a syslog server

Hi all,

I want to send all syslog events and bad login to send to a windows/Linux syslog server. How can I do that? What should I need to configure in my hp-ux system?

Best regards,
Rana
Walker_dhk
0 Kudos
Reply
10 REPLIES 10
Ivan Krastev
Honored Contributor

‎02-28-2007 06:34 PM

‎02-28-2007 06:34 PM

Re: sending all syslog events to a syslog server

See this previous thread - http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=750918

regards,
ivan
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-28-2007 09:26 PM

‎02-28-2007 09:26 PM

Re: sending all syslog events to a syslog server

Shalom,

Yes of course you can do that. syslog used port 514 and you'll need to insure that port is open on the Linux boxes and all intervening firewalls.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

‎02-28-2007 10:06 PM

‎02-28-2007 10:06 PM

Re: sending all syslog events to a syslog server

hi

yes u can do that.

u need to configure your

/etc/hosts file by adding a loghost entry for your syslog server in all the clients.

also you need to configure /etc/syslog.conf

sunny
0 Kudos
Reply
gstonian
Trusted Contributor

‎02-28-2007 10:46 PM

‎02-28-2007 10:46 PM

Re: sending all syslog events to a syslog server

Configure your /etc/syslog.conf file, not forgetting to update the central syslog server in your /etc/hosts file and ensure all firewalls/port are open to allow set up.

It works fine for us.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎03-01-2007 08:24 AM

‎03-01-2007 08:24 AM

Re: sending all syslog events to a syslog server

Hi,

note that you have to add the option '-r' to the syslog on a Linux box, so its syslogd is listening to remote log requests.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
rana786
Regular Advisor

‎03-01-2007 10:36 PM

‎03-01-2007 10:36 PM

Re: sending all syslog events to a syslog server

Hi all,

My central syslog server is windows based 'winsyslog'. 514 port is open to all client in the syslog server. I configured syslog.conf to send warn, err to the ip address of syslog server and then stop/started syslogd but still does not getting any response. Do I need to add ip address of syslog server in the /etc/hosts file? I have added following line in the syslog.conf file.

*.warn;*.err @172.16.1.36

What else should I need to configure? Is Windows syslog server capable to receive event from ux? Should I go for linux syslog server? please help.
Walker_dhk
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎03-02-2007 12:08 AM

‎03-02-2007 12:08 AM

Re: sending all syslog events to a syslog server

Hi,

- the delimiter must be a TAB:
*.warn;*.err@172.16.1.36

- go Linux

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

‎03-02-2007 12:32 AM

‎03-02-2007 12:32 AM

Re: sending all syslog events to a syslog server

hi,

your /etc/hosts file should contain an entry like this

loghost


and in /etc/syslog.conf

*.warn @loghost
*.err @loghost
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

‎03-02-2007 12:35 AM

‎03-02-2007 12:35 AM

Re: sending all syslog events to a syslog server

Hi Rana,

don't know about windows syslog server.
it would be better if you use linux syslog server.
Linux syslog should definately work.
0 Kudos
Reply
PeterWolfe
Respected Contributor

‎03-02-2007 06:23 AM

‎03-02-2007 06:23 AM

Re: sending all syslog events to a syslog server

winsyslog is a syslog daemon for windows.
If that is working for you for other
UNIX systems, it should work fine with HP-UX.
Linux log consolidators definitely work.
HP-UX log consolidators definitely work.

Try using @
and make sure the fully qualified name
of the windows system is in /etc/hosts.

Test forwarding using logger -p. IOW,
given you forwarding filter,
you need to generate syslog messages
with the right facility.priority
(specifically warnings and errors)
Try something like:
logger -p user.warning "test message"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.