Solved

syslog

Posted on 2004-04-04
12
1,590 Views
Last Modified: 2013-12-27
I have a sun machine which installed with solaris 8. I want to use it as a syslog server for messages that are sent from a cisco router.
 I have done the following
1.on the cisco router
    ->logging on
    ->logging ip_address
    ->logging facility local7
    ->logging trap debug
2. On the sun workstation
   ->I have edited the syslog.conf file by adding
       local7.debug    /var/adm/log (there are five tabs between local7.debug and /var/adm/log  no space)
   ->I have created the file /var/adm/log
   ->I have changed the file attribute mode as -rwxrwxrwx.(chmod 777)
   -> Force the syslog process (syslogd) to read the new configuration file by typing:
   -># kill -HUP cat /etc/syslog.pid
but the last command has an error such as
      "there is no such pid"
If I restarted the sun machine the syslogd process started. But the messages are not found in the file.
     When  I see the router by typing
             sh logging
     there are messages that are logged to the sun  machine.
0
Comment
Question by:abradf
12 Comments
 
LVL 45

Expert Comment

by:sunnycoder
ID: 10755265
Hi abradf,

> # kill -HUP cat /etc/syslog.pid

# kill -HUP `cat /etc/syslog.pid`

note the backticks


Sunnycoder
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 10755285
you can also try /etc/init.d/syslog restart for forcing syslod to re-read its configuration
0
 
LVL 1

Expert Comment

by:rhugga
ID: 10757864

First test your changes to /etc/syslog.conf with the logger utility. This allows you to submit log entries to syslog using the same routines an application would use. Eliminate the cisco router from the picture until you know the Solaris box is configured correctly. If logger is failing, make sure you used TABs in your /etc/syslog.conf file , not spaces.

After checking /etc/syslog.conf, make sure that syslogd is even accepting remote connections:

netstat -na | grep LIST | grep 514

You should see something like this:
      *.514                *.*                0      0 65536      0 LISTEN
      *.514                *.*                0      0 65536      0 LISTEN

Next check your network path to the cisco router. (check for firewalls, bad routes, bad arp, etc.....)

Lastly, make sure syslogd is not being started with the -t option (which is doesn't by default)

You can also turn on a debug mode to syslogd with the -d option.

Relevant man pages: syslogd, logger, syslog.conf

-chuck




0
 
LVL 48

Expert Comment

by:Tintin
ID: 10761393
There is no need to set perms to 777.  It should be 640 or perhaps 644.

You can also do a restart by doing

pkill HUP syslogd
0
 
LVL 2

Expert Comment

by:CadburyKat
ID: 10822565
use logger.  This is installed by default with Solaris 8 and 9.  You can send messages from a remote system to the syslog facility you specify.

This will take the Solaris part out of it.

The next step will be to diagnose the cisco end of things.

I am doing the exact thing you are trying to do.  It can be done.



man logger
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 10

Expert Comment

by:elf_bin
ID: 11247902
I thought .pid files usually went in /var/run/, perhaps you've made a mistake?

Just a thought...
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11255884
There's no real standard for pid files.  Older versions of Solaris used /etc/syslog.pid, but on recent versions, you'll notice that that's actually a link to /var/run/syslog.pid
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 11354065
Liddler,

I think http:#10755265 is the correct answer
0
 
LVL 18

Expert Comment

by:liddler
ID: 11354241
Sunnycoder
>>If I restarted the sun machine the syslogd process started. But the messages are not found in the file.

You were right about how to use ``, but the comment above seems to say they were not logged ?!?
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 11354373
you are right ... I somehow missed that part ...

Just for the sake of solution being in the PAQ ...

You need to restart the syslogd with -r option ... by default, syslog does not log messages sent by the remote machine.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11387602
PAQed - no points refunded (of 250)

modulo
Community Support Moderator
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now