
syslog server configuration

 
Azaru
Regular Advisor

syslog server configuration

Hi All,


Please help to configure syslog server in hpux.
19 REPLIES 19
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

Hello,

The configuration is done through /etc/syslog.conf

Take a look at this file (there are some useful comments)

and man syslog

Horia.
Best regards from Romania,
Horia.
Azaru
Regular Advisor

Re: syslog server configuration

Hi,

This is my /etc/syslog.conf file in client side. Please take a look.



# @(#)B11.23_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.info;mail.none @bkpsvr


And added bkpsvr entry in /etc/hosts file

And restarted but no effect.

What else to be done?

Thanks for the reply
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

In order to perform redirect, you must prepare syslogd to accept remote logging message on the system bkpsvr.

Also, if bkpsvr is behind a firewall, you must allow syslog traffic to pass through.

Horia.
Best regards from Romania,
Horia.
Michal Kapalka (mikap)
Honored Contributor

Re: syslog server configuration

hi,

check the configuration on the syslog server side, and whether it's reachable for the forwarding client.

mikap
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

>And restarted but no effect.

You do not need to restart. After altering configuration file, you can perform a

kill -HUP `cat /var/run/syslog.pid`

to force re-load the configuration file.

Horia.

Best regards from Romania,
Horia.
Azaru
Regular Advisor

Re: syslog server configuration

Hi all,

What needs to be done on bkpsvr to accept the logs from client?

There is no firewall between them.

I have done

kill -HUP `cat /var/run/syslog.pid`

But where will the logs get stored?
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

>What needs to be done on bkpsvr to accept the logs from client?

It depends on what kind of OS you have there.

On HP-UX you need to do nothing, your syslogd accepts by default network connections.

From Linux, you must call syslogd with -r parameter.

man syslogd

on this server would help understanding the syntax.

Horia.
Best regards from Romania,
Horia.
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

>But where the logs will get stored?

Where you asked syslogd to send those (you instructed syslogd in the file /etc/syslog.conf)

Horia.
Best regards from Romania,
Horia.
Johnson Punniyalingam
Honored Contributor

Re: syslog server configuration

>>What needs to be done on bkpsvr to accept the logs from client?<<<

Is your backup server running any application to capture the "syslog" from clients? If not, you can try to ftp the syslog.

Alternative Choice :-

scp -p /var/adm/syslog/syslog.log Bkupserver:/logs/hostname
Problems are common to all, but attitude makes the difference
Johnson Punniyalingam
Honored Contributor

Re: syslog server configuration

If you have any software installed on the backup server, you can edit the "syslog.conf" file from your client side.

Check the thread below for more information:

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1265114848901+28353475&threadId=1219056
Problems are common to all, but attitude makes the difference
Azaru
Regular Advisor

Re: syslog server configuration

Where (path) can I find the logs of clients on the bkpsvr server?
Johnson Punniyalingam
Honored Contributor

Re: syslog server configuration

>>Where(path) can i find the logs of clients in bkpsvr server<<<

Before Answering your Question.

Did you give any information on what you really need, so that we can help you accordingly?

Are you running any application or software to capture the syslog on your backup server?
Problems are common to all, but attitude makes the difference
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

It depends on your OS that you have.

By default, on HP-UX, check:

/var/adm/syslog/

On Linux, check:

/var/log

But again, those directories and the associated files are set up on /etc/syslog.conf
Check that file on bkpsvr!

Best regards,
Horia.
Best regards from Romania,
Horia.
Azaru
Regular Advisor

Re: syslog server configuration

But we have done OS hardening on all the servers. Will the client send logs to the server without credentials?
Azaru
Regular Advisor

Re: syslog server configuration

No we are not using any software,application to capture syslog.
Johnson Punniyalingam
Honored Contributor

Re: syslog server configuration

>>But we have done OS hardening on all the servers. Will the client send logs to the server without credentials?<<<<

Again this doesn't give enough information what you are looking for


>>No we are not using any software,application to capture syslog.<<

If you are not using any SW or application, what method are you using to capture your syslog?

Are you using the ftp/sftp method to copy your "Client Syslog" to your "Backup Server"?

If your server is hardened, you may need to use a secured copy (sftp/scp) of your "Client Syslog" to your "Backup Server".


Problems are common to all, but attitude makes the difference
Horia Chirculescu
Honored Contributor

Re: syslog server configuration

>No we are not using any software,application to capture syslog.

>Will the client send logs to the server without credentials?

Syslog does not use any encryption to send data to remote server.

If this troubles you, you can make another private LAN (insert another ethernet card in each server) between all your servers that will send syslog data to the bkpsvr server.

Alternatively, you could implement (on bkpsvr) a solution based on scp as Johnson suggested.
You could run on bkpsvr from time to time a script (use crontab) that will use scp to copy the logs that you want, from whatever server you want.

Best regards,
Horia.

Best regards from Romania,
Horia.
Kanagaraj
Regular Advisor

Re: syslog server configuration

Hi Azar,

In syslog server configure like this.

/etc/syslog.conf file

local2.debug

eg.

local2.debug /backuplogs/ems/srvr_syslog.log



at client machine.

Syslog server: SYSLOGSRVR

put entries in /etc/syslog.conf file

local2.debug @SYSLOGSRVR


I hope this will help you out to setup a syslog server.

also see this link.
http://www.linuxhomenetworking.com/cisco-hn/syslog-cisco.htm
Kanagaraj
Regular Advisor

Re: syslog server configuration

Don't forget to restart syslogd.

/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
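
A check for the client-side forwarding rules discussed in this thread, as an added example that is not from any of the posters: it lists the `@host` rules in a syslog.conf-style file and flags those whose selector and action are separated by spaces, since the traditional syslog.conf format separates the two fields with tabs. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit "@host" forwarding rules in a
# syslog.conf-style file. The traditional format separates selector and
# action with tabs, so rules separated by spaces are flagged.

# check_forwarding FILE -> one line per rule: "<status> <selector> <host>"
check_forwarding() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        NF >= 2 && substr($NF, 1, 1) == "@" {
            # whitespace run between the selector and the action
            rest = substr($0, index($0, $1) + length($1))
            match(rest, /^[ \t]+/)
            sep = substr(rest, 1, RLENGTH)
            status = (index(sep, " ") > 0) ? "SPACE-SEPARATED" : "OK"
            print status, $1, substr($NF, 2)
        }
    ' "$1"
}

# Constructed sample: rules modelled on the ones posted in this thread.
write_sample() {
    {
        printf '# syslogd configuration file (constructed sample)\n'
        printf 'mail.debug\t/var/adm/syslog/mail.log\n'
        printf '*.info;mail.none\t/var/adm/syslog/syslog.log\n'
        printf '*.info;mail.none @bkpsvr\n'      # spaces: flagged
        printf 'local2.debug\t@SYSLOGSRVR\n'     # tab: accepted
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_forwarding "$sample"
rm -f "$sample"
```

After the configuration is reloaded, running `logger -p local2.debug test` on the client and looking for the message in the file named in the server's /etc/syslog.conf confirms that forwarding works end to end.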