Cannot send syslog event from AIX 6.1 to RHEL Syslog server
Hi everyone,
I am trying to configure AIX 6.1 using syslogd to send syslog events to a syslog server configured on RHEL. However, RHEL never receives the events.
I have tried redirecting the syslog events on AIX to a local file, and that was successful. Only forwarding to the remote server fails.
The firewall between these servers is open and allows the connection through.
I have tried checking /var/log/messages but could not find any useful information.
Can anyone give me some advice for this situation?
The syslog message transfer is UDP, so it doesn't shake hands and open up a TCP connection with packets being acknowledged etc.; it's just a fire-and-forget style transmission, so it can make it a bit tricky to diagnose. I have a few questions to pose in response first:
What have you tried so far? Any variations?
Is the receiving side listening on the correct port? Default is UDP 514.
What output/errors do you get (if any) in your local syslog files? They must exist before the daemon starts to let it write to them. I think AIX refuses to create a new file.
Can you show us the lines you think are relevant from /etc/syslogd.conf?
Are there firewalls in play here, either on the sending/receiving servers or something on the network (e.g. a DMZ)?
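An added example, not part of the thread or any poster's code: a small Python 3 probe for the two checks raised above, whether a datagram actually reaches a listener and whether its priority matches the `local0.debug` selector. The function names are hypothetical, and loopback with an ephemeral port stands in for the collector's UDP 514.

```python
import re
import socket

# Standard syslog facility and severity codes (PRI = facility * 8 + severity).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def build_message(facility, severity, tag, text):
    """Build a BSD-syslog style datagram, e.g. local0.debug -> b'<135>tag: text'."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{tag}: {text}".encode()

def parse_pri(datagram):
    """Return (facility, severity) decoded from the leading <PRI>, or None."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        return None
    fac_num, sev_num = divmod(int(m.group(1)), 8)
    names = {num: name for name, num in FACILITIES.items()}
    return names.get(fac_num, str(fac_num)), SEVERITIES[sev_num]

def send_test(host, port, facility="local0", severity="debug"):
    """Send one test datagram. The return value is only the byte count handed
    to the local stack: UDP gives the sender no acknowledgement."""
    msg = build_message(facility, severity, "probe", "forwarding test")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(msg, (host, port))

def listen_once(sock, timeout=2.0):
    """Wait for one datagram on a bound UDP socket; None means nothing arrived."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(2048)
    except socket.timeout:
        return None
    return peer[0], parse_pri(data), data.decode(errors="replace")

if __name__ == "__main__":
    # Constructed demo: loopback and an ephemeral port stand in for the
    # collector's UDP 514, so this runs unprivileged and offline.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        port = rx.getsockname()[1]
        print("sender saw:", send_test("127.0.0.1", port), "bytes sent")
        print("listener saw:", listen_once(rx))
    # Listener closed: the sender's result is identical, which is why
    # "no error on the sending host" proves nothing about delivery.
    print("sender saw:", send_test("127.0.0.1", port), "bytes sent")
```

On a real collector the listener would bind UDP 514, which needs root and requires the production syslog daemon to be stopped first, since it already holds that port.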
I have tried configuring remote logging and local logging. Local logging succeeded but remote failed.
Yes, the logger server is listening on port 514 by default, and we are receiving data from other UNIX servers; only AIX is having an issue.
I do not see any error while starting syslog. Furthermore, creating the local syslog file is successful.
For the firewall, I am confirming with the firewall team, but they say that it has been opened for port 514 to go through. I need to double check again, but it seems the firewall team is doing a good job and the port should be open as they said.
And for /etc/syslog.conf content, it is very simple as below: local0.debug @<Syslog server> --> This one failed.
I have tested with a local logger with the content below: local0.debug /tmp/syslog.log --> It works.
Just one question: I could not find the syslog daemon log file on the AIX server. What is the default location of this log file? Is it /var/log/messages? I think if AIX does not send the syslog event then it should be a syslogd issue, but I could not locate the log files to troubleshoot it.
Feel free to let me know if you have any suggestions; I really appreciate it.
Quote:
Originally Posted by michael_hoang
For the firewall, I am confirming with the firewall team, but they say that it has been opened for port 514 to go through. I need to double check again, but it seems the firewall team is doing a good job and the port should be open as they said.
Hmm, you (or, rather, the firewall boys) do understand there are two rules needed, yes? One for the connection in one direction itself, the second for the acknowledgements back to the client. Maybe this point is moot, but I have seen many things in my life and this wouldn't be the strangest.
Quote:
Originally Posted by michael_hoang
And for /etc/syslog.conf content, it is very simple as below: local0.debug @<Syslog server> --> This one failed.
Have you made sure the name of the target system is a FQDN? Does the AIX system have proper name resolution for the target? You might, for testing purposes, put the IP address directly there and/or put the host name of the logging server into /etc/hosts.
Also notice that syslog needs reverse lookup too, which is often "forgotten" by novice network admins. If you check the name resolution always try the nslookup not only for the hostname but also for the corresponding IP address. Both have to be successful.
Quote:
Originally Posted by michael_hoang
Just one question: I could not find the syslog daemon log file on the AIX server. What is the default location of this log file? Is it /var/log/messages? I think if AIX does not send the syslog event then it should be a syslogd issue, but I could not locate the log files to troubleshoot it.
How is syslog started? Do a
and post the output. You can use the chssys command to change the way syslogd is started by the system resource controller. See the man page for syslogd for specifics, especially the -d (debug) switch. Also notice that after every change to /etc/syslog.conf you need to restart the subsystem with
(the stopping, starting and sleeping is just my paranoia, probably a refresh -s syslog would suffice)
Thanks bakunin for the very detailed reply. I am a newbie in AIX and really appreciate all the help.
Getting back to my query and bakunin's suggestion, I have tried to stop and start the syslogd service after making changes to the syslog.conf file (using stopsrc -s syslogd and then startsrc -s syslogd. I am not quite sure about refresh -s syslogd, as I have seen some posts saying this command sometimes may get naughty and does not refresh the conf file at all).
I will double check the firewall configuration and the syslogd service status tomorrow and get back to you with the result after that.
Thank you for your help in advance.
Regards,
Michael
Quote:
Originally Posted by michael_hoang
I am a newbie in AIX
[...]
using stopsrc -s syslogd and then startsrc -s syslogd. I am not quite sure about refresh -s syslogd, as I have seen some posts saying this command sometimes may get naughty and does not refresh the conf file at all
You might want to read about the "System Resource Controller" or SRC, for short. It is sort of a super-daemon to start other daemons (called "subservers" or "subsystems", without wanting to go into details). Here is a (very short and incomplete)
Introduction to System Resource Controller (SRC) Commands
How these subsystems are started is defined with the command mkssys and stored in a "registry"-like data storage called ODM. You can change an already defined subsystem with the command chssys and remove a subsystem with the command rmssys. Display a subsystem's properties with the command lssrc -ls <subsystem>.
Starting such a subsystem is done with startsrc, stopping with stopsrc, and displaying what is running with lssrc -a. refresh reinitialises an already started subsystem if it supports signal communication (basically this sends a kill -1), but some subsystems won't allow that, which is why you have to do a stopsrc and then a startsrc in such a case.
You might also get away with kill -HUP process-id to get syslogd to re-read its config file rather than a whole stop-start effort. Check the man page for syslog.conf to see if that is allowed (or just syslogd if there isn't a separate man page for the config file).