HPE Community
Operating System - HP-UX
1850855 Members
2706 Online
104056 Solutions
New Discussion

syslog forwarding question

 
SOLVED
Go to solution
Richard Murden
Regular Advisor

‎01-12-2006 05:27 AM

‎01-12-2006 05:27 AM

syslog forwarding question

I have setup syslog fowarding to send all local6 data from server A to server B. Everything seems to come over correctly but we have noticed that the origination of the errors says server A. It should not be server A but one of the Cisco devices we are trapping. How do i correct this? We are running 11.0.
Points to be awarded!
Thanks,
Richard
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎01-12-2006 06:31 AM

‎01-12-2006 06:31 AM

Re: syslog forwarding question

Shalom Richard,

There is a file called /etc/syslog.conf

See the line called
*.info;mail.none /var/adm/syslog/syslog.log

Add a line right below that looks like this:
*.info;mail.none @hostname_of_log_server

/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Richard Murden
Regular Advisor

‎01-12-2006 06:36 AM

‎01-12-2006 06:36 AM

Re: syslog forwarding question

I have a line in the syslog.conf file that says:
local6.info @xx.xxx.xx.xxx

Are you saying that i need to add the line you suggested to get the correct origination of the message?
0 Kudos
Reply
Sundar_7
Honored Contributor

‎01-12-2006 07:44 AM

‎01-12-2006 07:44 AM

Re: syslog forwarding question

I am taking a wild guess here. Pardon me if I am way too off. I guess Server A is getting the traps from the Cisco device, which inturn is forwarded to Server B.

If this is the case, I believe there is no way to get the correct originator in Server B. Why not just forward the traps from Cisco devices to Server B ?
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Richard Murden
Regular Advisor

‎01-12-2006 07:57 AM

‎01-12-2006 07:57 AM

Re: syslog forwarding question

Good question, the problem is, is that our WAN Dept. wants to keep all of their logging on one server. Someone mentioned using syslog-ng? Stands for new generation. Have you ever heard of that?
0 Kudos
Reply
Sundar_7
Honored Contributor

‎01-12-2006 08:39 AM

‎01-12-2006 08:39 AM

Re: syslog forwarding question

Ofcourse. if syslog is foreign to me, I am not an UNIX admin :-).

Do you know how Cisco forwards the traps to Server A ?

I can suggest one more way - append local6.* messages in a file in Server A. Run a routine from crontab to scan the file for new messages and use some other syslog facility (for ex local7 ) to forward the message to Server B.
Learn What to do ,How to do and more importantly When to do ?
Reply
Sorrel G. Jakins
Valued Contributor

‎01-13-2006 03:18 AM

‎01-13-2006 03:18 AM

Solution

Re: syslog forwarding question

syslog-ng only applies to hpux 11.23 (and future releases). When syslog-ng (such a mouthful, can we call it sng? or snog?) forwards stuff it appends the local system designation and a timestamp.

HTH
Sorrel Jakins, Brigham Young U
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.