
Re: syslog.conf

 
Linda Lux
Regular Advisor

syslog.conf

My network admin wanted me to start sending the mail.debug to Splunk (using an IP address). I added a line to syslog.conf like this:
mail.debug 10.2.6.170(splunk ip address)
following the
mail.debug /var/adm/syslog/mail.log

However, he has said that nothing is coming over.
I stopped and started syslogd.
If it isn't one thing, it's another
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: syslog.conf

Shalom Linda,

syslog uses port 514.

See that any firewalls permit this traffic point to point at least.

On the send server:
tcpdump -i lan0 port 514
#replace lan0 with actual

On the recipient
tcpdump -i lan0 port 514
#replace lan0 with actual

lanscan or look at ifconfig to find out actual on lan

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James R. Ferguson
Acclaimed Contributor

Re: syslog.conf

Hi Linda:

You need an "@" character in front of the address. Better yet, change the IP address to a hostname with the "@" preceding it.

Regards!

...JRF...
Patrick Wallek
Honored Contributor

Re: syslog.conf

The syslog.conf file REQUIRES tabs between the 'mail.debug' and the IP address. If you just use spaces it will not work.

According to the man page for syslogd: "The action field is separated from the selector by one or more tabs."
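
A lint check for the two syslog.conf mistakes raised in the replies above (a forwarding address without the leading "@", and a selector separated from its action by spaces instead of tabs), as an added example that is not part of any post in this thread. The function names `write_sample` and `lint_syslog_conf` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: lint a syslog.conf-style file for the two mistakes
# discussed in this thread. Helper names are hypothetical, not HP-UX tools.

write_sample() {
    # $1 = output path. Constructed sample; \t makes the tabs explicit.
    {
        printf '# constructed sample, not a real configuration\n'
        printf 'mail.debug\t\t/var/adm/syslog/mail.log\n'
        printf 'mail.debug\t\t10.2.6.179\n'     # bare address, no "@"
        printf 'mail.debug    @10.2.6.179\n'    # spaces instead of tabs
        printf 'mail.debug\t\t@10.2.6.179\n'    # correct forwarding line
    } > "$1"
}

lint_syslog_conf() {
    # $1 = file to check; prints one finding per problem line.
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        tab = index($0, "\t")
        if (tab == 0) {
            # syslogd needs one or more tabs before the action field
            printf "line %d: no tab between selector and action\n", NR
            next
        }
        action = substr($0, tab + 1)
        sub(/^[ \t]+/, "", action)     # drop the remaining separator tabs
        # A bare IPv4 address is not a forwarding action without "@".
        # A bare hostname cannot be flagged: it is a valid user-name action.
        if (action ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)
            printf "line %d: forwarding target needs a leading @\n", NR
    }' "$1"
}

# Demonstration on the constructed sample
sample="${TMPDIR:-/tmp}/syslog.conf.sample.$$"
write_sample "$sample"
lint_syslog_conf "$sample"
rm -f "$sample"
```

Run `lint_syslog_conf /etc/syslog.conf` before restarting syslogd; no output means neither mistake was found.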
Linda Lux
Regular Advisor

Re: syslog.conf

I am sorry, the line is

mail.debug (tab) (tab) @10.2.6.179

Linda
If it isn't one thing, it's another
Linda Lux
Regular Advisor

Re: syslog.conf

I have syslog.log file going to that IP address in syslog.conf and that is going through.
Linda
If it isn't one thing, it's another