Sending syslog messages to a remote syslog server - Sun Solaris

  1. #1

    Sending syslog messages to a remote syslog server

    I have successfully set up a centralized syslog server on Linux
    accepting logs from remote clients.
    The /etc/syslog.conf file on Linux (192.168.1.20) is configured as
    follows:
    *.* /var/log/mainlog

    I have remote Linux, Windows, Snort, HP JetDirects, and Cisco devices
    logging to it. I have not been able to get Solaris to send logs
    though.
    The /etc/syslog.conf file on Solaris 7.0 (192.168.1.10) is configured
    as follows:
    *.* 192.168.1.20
    *. ifdef(`LOGHOST', /var/log/syslog,
    loghost)

    The /etc/hosts file on Solaris is configured as follows:
    192.168.1.20 loghost

    After restarting syslog (/etc/init.d/syslog stop and then a start), I
    do not see any logs being sent. I tried to log into telnet with an
    incorrect password, and /var/adm/ had a log file that shows I
    attempted this, but the Linux box did not.

    My question is...Are either of these correct? I would prefer to use
    the same convention as the Linux boxes (*.* 192.168.1.20). I
    understand that the second line should work as well. Any ideas?
    John Guest

  2. #2

    Re: Sending syslog messages to a remote syslog server

    In article <google.com>,
    John Jesmine <com> wrote: 

    *.* should be *.debug. The second field is a severity level, and is
    interpreted as that level and all higher levels. So to get all severities,
    you specify the lowest level, which is "debug".

    I'm not sure what your second line is intended to be -- you seem to have
    left out the level entirely.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  3. #3

    Re: Sending syslog messages to a remote syslog server

    I might be wrong, but I don't think *.* is valid syntax. I can't remember,
    but either the facility or the level can't have a wildcard. I can't remember
    which. I do know only one of them can have a wildcard.
    You could start syslog with the -d (debug) option to see if there are
    syntax errors in the syslog.conf file.
    George


    george Guest

  4. #4

    Re: Sending syslog messages to a remote syslog server

    com (John Jesmine) wrote in message news:<google.com>... 

    Hi John,

    I would suggest checking out this page:

    http://www.gl.umbc.edu/~jack/ifsm498d/syslog.html

    It will explain more clearly how syslog works and should help you set
    up your syslog correctly. I've successfully set up a logserver and
    directed all logging messages to it. I set up and used the various
    locals (also talked about on that page.)

    good luck,

    Sharona
    sharona Guest

  5. #5

    Re: Sending syslog messages to a remote syslog server

    In article <google.com>, jj__27
    hotmail.com says... 
    Severity cannot have wildcards. You can do *.crit, but not mail.*.
    I suggest you do

    # /etc/init.d/syslog stop
    # syslogd -d

    which will go to interactive mode with debug function. Any error you
    have, it will be shown.
    Then repair /etc/syslog.conf and start syslog with

    # /etc/init.d/syslog start 
    ales.romaniuk@mobitel.si Guest

  6. #6

    Re: Sending syslog messages to a remote syslog server

    si wrote in message news:<siol.net>... 
    > Severity cannot have Wildcards. You can do *.crit, but no mail.*.
    > I suggest you do
    >
    > # /etc/init.d/syslog stop
    > # syslogd -d
    >
    > which will go to interactive mode with debug function. Any error you
    > have, it will be shown.
    > Then repair /etc/syslog.conf and start syslog with
    >
    > # /etc/init.d/syslog start

    I am going to try the following in my syslog.conf file:

    *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug loghost

    Hopefully this works and I will be able to send everything to the
    remote loghost. Thanks for all of your replies.

    JJ
    John Guest

  7. #7

    Re: Sending syslog messages to a remote syslog server

    John Jesmine <com> wrote: 
     

    One would assume you mean

    *.debug loghost

    --
    Darren Dunham com
    Unix System Administrator Taos - The SysAdmin Company
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
    Darren Guest
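
The selector rules raised in this thread (no wildcard in the level field, a level on every selector), as an added example that is not part of any post: a small Python check for Solaris-style syslog.conf entries. The tab-separator and leading-@ rules come from Solaris syslog.conf(4) rather than from the thread; the function names and sample lines are constructed for illustration.

```python
import re

# Level keywords from Solaris syslog.conf(4); "*" is not one of them.
LEVELS = {"emerg", "alert", "crit", "err", "warning",
          "notice", "info", "debug", "none"}

def lint_entry(line):
    """Return the problems found in one syslog.conf entry (empty list = OK)."""
    line = line.rstrip("\n")
    if not line.strip() or line.lstrip().startswith("#"):
        return []                      # blank line or comment
    m = re.match(r"(\S+)(\s+)(\S.*)$", line)
    if not m:
        return ["no action field"]
    selector, sep, action = m.groups()
    problems = []
    if set(sep) != {"\t"}:
        problems.append("selector and action must be separated by tabs")
    for part in selector.split(";"):
        facility, _, level = part.rpartition(".")
        if part.count(".") != 1 or not facility:
            problems.append(f"'{part}': expected facility.level")
        elif level == "":
            problems.append(f"'{part}': level is missing")
        elif level == "*":
            problems.append(f"'{part}': level cannot be a wildcard, use debug")
        elif level not in LEVELS:
            problems.append(f"'{part}': unknown level '{level}'")
    # Actions: /file, @host, * (all users), m4 ifdef(...), or a user list.
    if not action.startswith(("/", "@", "*", "ifdef(")):
        problems.append(f"'{action}': read as a user list; "
                        "a remote host needs a leading @")
    return problems

# Constructed sample: entries quoted in the thread, tab-separated unless noted.
SAMPLE = [
    "*.*\t192.168.1.20",
    "*.\tifdef(`LOGHOST', /var/log/syslog, loghost)",
    "*.debug @loghost",                # space instead of tab
    "*.debug\t@loghost",
]

def lint_config(lines):
    """Map 1-based line number -> problems, for entries that have any."""
    return {n: p for n, line in enumerate(lines, 1) if (p := lint_entry(line))}

if __name__ == "__main__":
    for n, probs in lint_config(SAMPLE).items():
        for p in probs:
            print(f"line {n}: {p}")
```

This is a pre-check only; `syslogd -d`, as suggested in the replies, remains the authoritative parse because it also runs the m4 pass.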
