Cannot send syslog event from AIX 6.1 to RHEL Syslog server


 
# 1  
02-07-2018

Hi everyone,

I am trying to configure AIX 6.1 using syslogd to send syslog events to a syslog server configured on RHEL. However, RHEL never receives the events.
I have tried redirecting the syslog events on AIX to a local file, and that was successful. Only forwarding to the remote server fails.
The firewall between these servers is open and allows the connection through.
I have checked /var/log/messages but could not find any useful information.
Can anyone give me advice for this situation?

Thank you in advance.
Regards,
Michael
# 2  
02-07-2018
Welcome michael_hoang,

The syslog message transfer is UDP, so it doesn't shake hands and open up a TCP connection with packets being acknowledged etc.; it's just a fire-and-forget style transmission, which can make it a bit tricky to diagnose. I have a few questions to pose in response first:
  • What have you tried so far? Any variations?
  • Is the receiving side listening on the correct port? Default is UDP 514.
  • What output/errors do you get (if any) in your local syslog files? They must exist before the daemon starts to let it write to them. I think AIX refuses to create a new file.
  • Can you show us the lines you think are relevant from /etc/syslogd.conf?
  • Are there firewalls in play here, either on the sending/receiving servers or something on the network (e.g. a DMZ)?


Thanks, in advance,
Robin
# 3  
02-07-2018
Hi Robin,
Thank you very much for your response.

I have tried to configure remote logging and local logging. Local logging succeeds but remote fails.
Yes, the logger server is listening on port 514 as default, and we are receiving data from other UNIX servers, but only AIX is having an issue.

I do not see any error while starting syslog file. Furthermore, creating the local syslog file succeeds.

For the firewall, I am confirming with the firewall team, but they say that it has been opened for port 514 to go through. I need to double check again, but it seems the firewall team is doing a good job and the port should be open as they said.

And for the /etc/syslog.conf content, it is very simple, as below:
local0.debug @<Syslog server>
--> This one failed.

I have tested with a local logger with the content below:
local0.debug /tmp/syslog.log
--> It works.

Just one question: I could not find the syslog daemon log file on the AIX server. What is the default location of this log file? Is it /var/log/messages? I think if AIX does not send the syslog event then it should be a syslogd issue, but I could not locate the log files to troubleshoot it.

Feel free to let me know if you have any suggestions :) I really appreciate it.

Regards,
Michael.
# 4  
02-07-2018
Quote:
Originally Posted by michael_hoang
For the firewall, I am confirming with the firewall team, but they say that it has been opened for port 514 to go through. I need to double check again, but it seems the firewall team is doing a good job and the port should be open as they said.
Hmm, you (or, rather, the firewall boys) do understand there are two rules needed, yes? One for the connection in one direction itself, the second for the acknowledgements back to the client. Maybe this point is moot, but I have seen many things in my life and this wouldn't be the strangest.

Quote:
Originally Posted by michael_hoang
And for /etc/syslog.conf content, it is very simple as below:
local0.debug @<Syslog server>
--> This one failed.
Have you made sure the name of the target system is a FQDN? Does the AIX system have proper name resolution for the target? You might, for testing purposes, put the IP address directly there and/or put the host name of the logging server into /etc/hosts.

Also notice that syslog needs reverse lookup too, which is often "forgotten" by novice network admins. If you check the name resolution always try the nslookup not only for the hostname but also for the corresponding IP address. Both have to be successful.

Quote:
Originally Posted by michael_hoang
Just one question: I could not find the syslog daemon log file on the AIX server. What is the default location of this log file? Is it /var/log/messages? I think if AIX does not send the syslog event then it should be a syslogd issue, but I could not locate the log files to troubleshoot it.
How is syslog started? Do a

Code:
lssrc -ls syslogd

and post the output. You can use the chssys command to change the way syslogd is started by the system resource controller. See the man page for syslogd for specifics, especially the -d (debug) switch. Also notice that after every change to /etc/syslog.conf you need to restart the subsystem with

Code:
stopsrc -s syslogd ; sleep 2 ; startsrc -s syslogd

(the stopping, starting and sleeping is just my paranoia, probably a refresh -s syslog would suffice)

I hope this helps.

bakunin
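
An added example, not part of any post in this thread: a small POSIX shell audit of a syslog.conf that lists each `@host` forwarding rule, says whether its target is an IP address or a name that depends on resolution, and flags local log files that do not exist yet. The function names, the sample configuration and the host name and address in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a syslog.conf for the failure causes raised in this thread.
# Emits one line per rule:
#   REMOTE <selector> <target> ip|name   - forwarded over UDP to @target
#   FILE   <selector> <path> ok|missing  - local file that should already exist
audit_syslog_conf() {
    conf=$1
    # Strip comments and blank lines, then split selector / destination.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf" |
    while read -r selector dest _rest; do
        case $dest in
            @*)
                target=${dest#@}
                # A dotted quad needs no DNS; anything else relies on name resolution.
                if printf '%s\n' "$target" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
                    echo "REMOTE $selector $target ip"
                else
                    echo "REMOTE $selector $target name"
                fi
                ;;
            /*)
                if [ -f "$dest" ]; then
                    echo "FILE $selector $dest ok"
                else
                    echo "FILE $selector $dest missing"
                fi
                ;;
        esac
    done
}

# Constructed sample: two forwarding rules, one existing file, one missing file.
run_sample() {
    dir=${TMPDIR:-/tmp}/syslog_audit.$$
    mkdir -p "$dir" && : > "$dir/present.log"
    cat > "$dir/syslog.conf" <<EOF
# constructed sample, not taken from the thread
local0.debug   @loghost.example.com
local0.debug   @192.0.2.10
local0.debug   $dir/present.log
mail.info      $dir/absent.log
EOF
    audit_syslog_conf "$dir/syslog.conf"
    rm -rf "$dir"
}
run_sample
```

Rows reported as `name` are the targets to test with nslookup as suggested above; rows reported as `missing` are files to create before restarting syslogd.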
# 5  
02-07-2018

Thanks bakunin for the very detailed answer :) I am a newbie in AIX and really appreciate all the help.

Getting back to my query and bakunin's suggestion, I have tried to stop and start the syslogd service after making changes to the syslog.conf file (using stopsrc -s syslogd and then startsrc -s syslogd. I am not quite sure about refresh -s syslogd, as I have seen some posts saying this command may sometimes get naughty and not refresh the conf file at all :) ).

I will double check the firewall configuration and the syslogd service status tomorrow and get back to you with the result after that.

Thank you for your help in advance.
regards,
Michael
# 6  
02-07-2018
Quote:
Originally Posted by michael_hoang
I am a newbie in AIX
[...]
using stopsrc -s syslogd and then startsrc -s syslogd. I am not quite sure about refresh -s syslogd, as I have seen some posts saying this command may sometimes get naughty and not refresh the conf file at all
You might want to read about the "System Resource Controller" or SRC, for short. It is sort of a super-daemon to start other daemons (called "subservers" or "subsystems", without wanting to go into details). Here is a (very short and incomplete)

Introduction to System Resource Controller (SRC) Commands

How these subsystems are started is defined with the command mkssys and stored in a "registry"-like data storage called ODM. You can change an already defined subsystem with the command chssys and remove a subsystem with the command rmssys. Display a subsystem's properties with the command lssrc -ls <subsystem>.

Starting such a subsystem is done with startsrc, stopping with stopsrc, and displaying what is running with lssrc -a. refresh reinitialises an already started subsystem if it supports signal communication (basically this sends a kill -1), but some subsystems won't allow that, which is why you have to do a stopsrc and then a startsrc in such a case.

I hope this helps.

bakunin
# 7  
02-07-2018
You might also get away with kill -HUP process-id to get syslogd to re-read its config file rather than a whole stop-start effort. Check the man page for syslog.conf to see if that is allowed (or just syslogd if there isn't a separate man page for the config file).




Robin