- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- syslog port issue
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2012 01:02 AM
12-17-2012 01:02 AM
Hi Admins,
HPUX 11.31
Syslog server is not discovering hpux systems as cleints. When checked in hpux servers found below comment.
#cat /etc/services|grep 514
shell 514/tcp cmd # remote command, no passwd used
syslog 514/udp # remote system logging#
#netstat -an|grep 514
tcp 0 0 *.514 *.* LISTEN
/etc/services shows port 514 for syslog is UDP and same port is used for shell by TCP.
And netstat shows TCP is the listening the port 514.
Because of this syslog server not able to communicate with client.
I think we can disable (remshd) service, so TCP stops using 514 and UDP can use it.My second option is to map different port to syslog.
Please guide me to how to make UDP to listen the port 514 instead TCP.
Regards
himacs
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2012 03:22 AM
12-17-2012 03:22 AM
Re: syslog port issue
I tried with stoopin shell service and commented in /etc/services also.But still syslogd not using the port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2012 09:56 AM
12-17-2012 09:56 AM
Re: syslog port issue
>>Syslog server is not discovering hpux systems as cleints
I'm not sure what you mean by this.
Typically a syslog server receives information from other servers and really does nothing else. Basically all of your HP-UX servers must have syslog configured so that it sends it syslog messages to your syslog server. This is done via the /etc/syslogd.conf file.
In order to send emergency level and higher messages to a remote server (IP 1.2.3.4 for example), you must put the following in your syslog.conf file:
*.emerg @1.2.3.4
NOTE: The syslog.conf file can only have TAB between fields, NOT spaces.
There are numerous threads in the forums regarding syslog configuration.
Also, as far as TCP vs. UDP ports go they are completely separate ports. You can have port 514 running on both TCP and UDP at the same time without any problems whatsoever. While it is a good idea to disable the shell service, it is not required in order for remote syslog to work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2012 12:44 AM
12-18-2012 12:44 AM
Re: syslog port issue
Hi Patrick,
THanks for the response.
>>Syslog server is not discovering hpux systems as cleints
Syslog server(Linux) not able to communicate with hpux server.So that logs from hpux not forawarding to syslog server.
Actual issue was udp port is not communicating with 514 port.When i modified the SYSLOGD_OPTS="-D -N" in /etc/rc.config.d/syslogd file, UDP started listening to 514. Actually i removed -N parameter.It was blocking the system
with listening UDP to 514 port.
#netstat -an|grep 514
udp 0 0 *.514 *.*
Is it necessary to configure syslog-ng in hpux 11.31 client , to forward logs to syslog server.
Regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2012 01:54 AM
12-18-2012 01:54 AM
SolutionIt is not necessary for the HP-UX system to listen on UDP port 514 in order to send logs to the remote syslog server.
When you removed the -N parameter, you effectively made the HP-UX system into *another* syslog server. But if there are no syslog clients configured to send logs to the HP-UX, then the HP-UX will receive no logs from any remote clients.
The syslog protocol does not include any mechanism for the syslog server to actively "discover" clients nor to "pull" logs from the syslog clients - the server can only passively wait & accept what is "pushed" to it by the clients.
If you need the HP-UX to send logs to a syslog server in another host, you must configure /etc/syslog.conf on the HP-UX host as described by Patrick.
When a remote syslog server is listed in /etc/syslog.conf in HP-UX, the syslog daemon will "push" the logs to the remote server if the facility/severity of the log message is included in the selector specification on the /etc/syslog.conf line. The syslog daemon will not hold a port open constantly for sending - whenever it needs to send a log message, it will instantly open an UDP port, send the message, and then close it. This will happen so fast that you're unlikely to catch it in a "netstat" listing unless you configure your system to send a very large number of log messages. (Remember that UDP ports do not have _WAIT states like TCP ports have.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2012 04:09 AM
12-18-2012 04:09 AM
Re: syslog port issue
Thanks MK and Patrick for solving my doubts.
I was thinking due to -N option, in hpux server,UDP is not able to communicate with port 514.its not pushing logs to syslog server.
Now i have reconfigured the syslog.conf and it worked.
I think Issue was with space used in syslog.conf file instead of tab(not sure).
Old conf file :
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.alert;*.info;*.emerg;mail.none @1.2.3.4
New conf file :
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.notice;*.info @1.2.3.4
*.debug @1.2.3.4
Is there any mismatch in old conf file..other than space issue...?
Regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2012 06:52 AM
12-18-2012 06:52 AM
Re: syslog port issue
Your new configuration looks workable, but remember that all the priority specifier automatically include the higher priorities as well. If you specify *.info, there will be no point to specify *.notice too, as *.info will automatically include *.notice.
And *.debug will include absolutely everything, since "debug" is the lowest priority specifier.
So, if you want to forward everything to the syslog server, the "*.debug @1.2.3.4" line does that. If you use that line, you don't need the previous "*.notice;*.info @1.2.3.4" line at all.