Solved

syslog

Posted on 2004-04-04
Last Modified: 2013-12-27
I have a Sun machine with Solaris 8 installed. I want to use it as a syslog server for messages that are sent from a Cisco router.
I have done the following:
1. On the Cisco router
    ->logging on
    ->logging ip_address
    ->logging facility local7
    ->logging trap debug
2. On the Sun workstation
   ->I have edited the syslog.conf file by adding
       local7.debug    /var/adm/log (there are five tabs between local7.debug and /var/adm/log, no spaces)
   ->I have created the file /var/adm/log
   ->I have changed the file mode to -rwxrwxrwx (chmod 777).
   ->Forced the syslog process (syslogd) to read the new configuration file by typing:
   -># kill -HUP cat /etc/syslog.pid
but the last command gives an error such as
      "there is no such pid"
If I restarted the sun machine the syslogd process started. But the messages are not found in the file.
     When I check the router by typing
             sh logging
     there are messages that are logged to the Sun machine.
0
Question by:abradf
12 Comments
 
LVL 45

Expert Comment

by:sunnycoder
ID: 10755265
Hi abradf,

> # kill -HUP cat /etc/syslog.pid

# kill -HUP `cat /etc/syslog.pid`

note the backticks


Sunnycoder
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 10755285
You can also try /etc/init.d/syslog restart to force syslogd to re-read its configuration.
0
 
LVL 1

Expert Comment

by:rhugga
ID: 10757864

First test your changes to /etc/syslog.conf with the logger utility. This allows you to submit log entries to syslog using the same routines an application would use. Eliminate the Cisco router from the picture until you know the Solaris box is configured correctly. If logger is failing, make sure you used TABs in your /etc/syslog.conf file, not spaces.

After checking /etc/syslog.conf, make sure that syslogd is even accepting remote connections:

netstat -na | grep LIST | grep 514

You should see something like this:
      *.514                *.*                0      0 65536      0 LISTEN
      *.514                *.*                0      0 65536      0 LISTEN

Next check your network path to the cisco router. (check for firewalls, bad routes, bad arp, etc.....)

Lastly, make sure syslogd is not being started with the -t option (which it doesn't by default).

You can also turn on a debug mode to syslogd with the -d option.

Relevant man pages: syslogd, logger, syslog.conf

-chuck




0
 
LVL 48

Expert Comment

by:Tintin
ID: 10761393
There is no need to set perms to 777.  It should be 640 or perhaps 644.

You can also do a restart by doing

pkill -HUP syslogd
0
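A pre-flight check for two points raised in the comments above (TABs, not spaces, in syslog.conf; a log file mode of 640 or 644 rather than 777), as an added example that is not part of any poster's reply. The function names and the demo files are hypothetical and constructed; it assumes a POSIX awk and find, plus mktemp for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Demo files below are constructed.
TAB=$(printf '\t')

# lint_syslog_conf FILE
# Report rule lines whose selector and action are not separated by TABs only.
# Comment lines, blank lines and m4 wrapper lines (ifdef(...), ")") are skipped.
# Exit status: 0 = clean, 1 = at least one bad line.
lint_syslog_conf() {
    awk -v T="$TAB" '
        BEGIN { ok = "^[^ " T "]+" T "+[^ " T "]" }   # selector, TAB(s), action
        /^#/ || /^ifdef\(/ || /^\)/ { next }
        $0 ~ ("^[ " T "]*$") { next }
        $0 !~ ok { printf "line %d: use TABs, not spaces: %s\n", NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# world_writable FILE
# Succeeds if "other" has write permission (as with mode 777), which would
# let any local user alter or truncate the log.
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 -print 2>/dev/null)" ]
}

# Constructed demo: the rule from the question, once with spaces, once with TABs.
demo_dir=$(mktemp -d)
printf 'local7.debug    /var/adm/log\n' > "$demo_dir/bad.conf"
printf 'local7.debug\t\t/var/adm/log\n' > "$demo_dir/good.conf"
lint_syslog_conf "$demo_dir/bad.conf"  || echo "bad.conf: fix before sending HUP"
lint_syslog_conf "$demo_dir/good.conf" && echo "good.conf: ok"

: > "$demo_dir/log"
chmod 777 "$demo_dir/log"
world_writable "$demo_dir/log" && echo "log is world-writable; use 640 or 644"
chmod 640 "$demo_dir/log"
world_writable "$demo_dir/log" || echo "log mode ok"
```

Run the lint against the edited configuration file before signalling syslogd, so a whitespace mistake is caught before the daemon re-reads the file.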
 
LVL 2

Expert Comment

by:CadburyKat
ID: 10822565
use logger.  This is installed by default with Solaris 8 and 9.  You can send messages from a remote system to the syslog facility you specify.

This will take the Solaris part out of it.

The next step will be to diagnose the cisco end of things.

I am doing the exact thing you are trying to do.  It can be done.



man logger
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 11247902
I thought .pid files usually went in /var/run/, perhaps you've made a mistake?

Just a thought...
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11255884
There's no real standard for pid files.  Older versions of Solaris used /etc/syslog.pid, but on recent versions, you'll notice that that's actually a link to /var/run/syslog.pid
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 11354065
Liddler,

I think http:#10755265 is the correct answer
0
 
LVL 18

Expert Comment

by:liddler
ID: 11354241
Sunnycoder
>>If I restarted the sun machine the syslogd process started. But the messages are not found in the file.

You were right about how to use ``, but the comment above seems to say they were not logged ?!?
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 11354373
you are right ... I somehow missed that part ...

Just for the sake of solution being in the PAQ ...

You need to restart the syslogd with -r option ... by default, syslog does not log messages sent by the remote machine.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11387602
PAQed - no points refunded (of 250)

modulo
Community Support Moderator
0
