[syslog-ng]syslog on HP-UX 11
Olivia Leonard
syslog-ng@lists.balabit.hu
Thu, 4 Nov 2004 11:13:34 -0000
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C4C25F.52F20712
Content-Type: text/plain; charset="iso-8859-1"
Hi
I have set up a central logging server using syslog-ng (on solaris 8) - all
the solaris servers, windows servers, and routers are logging to it with no
big issues.
I want to get a HP-UX box logging to it and it's proving difficult.
Initially In installed syslog-ng 1.5.8 from a depot and it sent only a
startup message to the central server but none of the other messages such as
logins, su and so on.
So I tried getting it to log to it using it's own native syslog - it just
won't log anything. It resolves loghost and gives no errors on
startup/restart but it just doesn't log anything (eventhough my central
server listens on UDP 514 and gets messages from routers/switches)
Could anyone help me out with this?? Attached are both my syslog.conf and my
syslog-ng.conf.
Thanks
Olivia
****************************************************************************
****************************************************************************
**************
/etc/syslog.conf
#
mail.debug /var/adm/syslog/mail.log
#*.info;mail.none /var/adm/syslog/syslog.log
#*.alert /dev/console
#*.alert root
#*.emerg *
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @loghost
#
****************************************************************************
****************************************************************************
***************
/opt/syslog_ng/etc/syslog-ngsyslog-ng.conf
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source src {unix-stream("/dev/log"); internal(); };
destination everything {file("/home/leonarol/logfile"); };
## set up logging to loghost
destination loghost {
tcp("172.16.117.170" port(5140));
};
filter f_ssh_login_attempt {
program("sshd.*")
and match("(Failed|Accepted)")
and not match("Accepted (hostbased|publickey)");
};
filter f_emergency { level(emerg); };
filter f_alert { level(alert); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_warn { level(warn); };
filter f_notice { level(notice); };
filter f_info { level(info); };
log { source(src); filter(f_emergency); destination(everything); };
log { source(src); filter(f_alert); destination(everything); };
log { source(src); filter(f_crit); destination(everything); };
log { source(src); filter(f_err); destination(everything); };
log { source(src); filter(f_warn); destination(everything); };
log { source(src); filter(f_notice); destination(everything); };
log { source(src); filter(f_info); destination(everything); };
log { source(src); filter(f_emergency); destination(loghost); };
log { source(src); filter(f_alert); destination(loghost); };
log { source(src); filter(f_crit); destination(loghost); };
log { source(src); filter(f_err); destination(loghost); };
log { source(src); filter(f_warn); destination(loghost); };
log { source(src); filter(f_notice); destination(loghost); };
log { source(src); filter(f_info); destination(loghost); };
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any other action taken or any views, opinions or advice contained in this e-mail are those of the sending individual and not necessarily those of the firm. It is possible for data transmitted by e-mail to be deliberately or accidentally corrupted or intercepted. For this reason where the communication is by e-mail, J&E Davy does not accept any responsibility for any breach of confidence which may arise from the use of this medium. If you have received this e-mail in error please notify us immediately at mailto:helpdesk@davy.ie and delete this e-mail from your system.
------_=_NextPart_001_01C4C25F.52F20712
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-8859-=
1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version 5.5.2656.60">
<TITLE>syslog on HP-UX 11</TITLE>
</HEAD>
<BODY>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">Hi</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">I have set up a=
central logging server using syslog-ng (on solaris 8) - all the solaris se=
rvers, windows servers, and routers are logging to it with no big issues.</=
FONT></P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">I want to get a=
HP-UX box logging to it and it's proving difficult. Initially In installed=
syslog-ng 1.5.8 from a depot and it sent only a startup message to the cen=
tral server but none of the other messages such as logins, su and so on.</F=
ONT></P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">So I tried gett=
ing it to log to it using it's own native syslog - it just won't log anythi=
ng. It resolves loghost and gives no errors on startup/restart but it just =
doesn't log anything (eventhough my central server listens on UDP 514 and g=
ets messages from routers/switches)</FONT></P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">Could anyone he=
lp me out with this?? Attached are both my syslog.conf and my syslog-ng.con=
f.</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">Thanks</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">Olivia</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">***************=
***************************************************************************=
***************************************************************************=
*</FONT></P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">/etc/syslog.con=
f</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">mail.debug&nbs=
p; =
/var/adm/syslog/mail.log</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#*.info;mail.n=
one /var/adm/syslog/syslog.log</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#*.alert =
&nb=
sp; /dev/console</FON=
T>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#*.alert =
&nb=
sp; root</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#*.emerg =
&nb=
sp; *</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">*.emerg;*.aler=
t;*.crit;*.err;*.warning;*.notice;*.info;*.debug @loghost</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">#</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">**************=
***************************************************************************=
***************************************************************************=
***</FONT></P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">/opt/syslog_ng/=
etc/syslog-ngsyslog-ng.conf</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">options { sync =
(0);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; time_reopen (10);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; log_fifo_size (1000);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; long_hostnames (off);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; use_dns (no);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; use_fqdn (no);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; create_dirs (no);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; keep_hostname (yes);</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; };</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">source src {uni=
x-stream("/dev/log"); internal(); };</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">destination eve=
rything {file("/home/leonarol/logfile"); };</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">## set up loggi=
ng to loghost</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">destination lo=
ghost {</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; tcp("172.16.117.170" port(5140));</F=
ONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">};</FONT>
</P>
<BR>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_ssh_lo=
gin_attempt {</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; program("sshd.*")</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; and match("(Failed|Accepted)")</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic"> &n=
bsp; and not match("Accepted (hostbased|public=
key)");</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">};</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_emerge=
ncy { level(emerg); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_alert=
{ level(alert); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_crit =
{ level(crit); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_err {=
level(err); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_warn =
{ level(warn); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_notic=
e { level(notice); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">filter f_info =
{ level(info); };</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(sr=
c); filter(f_emergency); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_alert); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_crit); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_err); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_warn); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_notice); destination(everything); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_info); destination(everything); };</FONT>
</P>
<P><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(sr=
c); filter(f_emergency); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_alert); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_crit); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_err); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_warn); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_notice); destination(loghost); };</FONT>
<BR><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Century Gothic">log { source(s=
rc); filter(f_info); destination(loghost); };</FONT>
</P>
<FONT SIZE=3D3><BR>
<BR>
The information in this e-mail is confidential and may be legally privilege=
d. It is intended solely for the addressee. Access to this e-mail by anyone=
else is unauthorised. If you are not the intended recipient, any disclosur=
e, copying, distribution or any other action taken or any views, opinions o=
r advice contained in this e-mail are those of the sending individual and n=
ot necessarily those of the firm. It is possible for data transmitted by e-=
mail to be deliberately or accidentally corrupted or intercepted. For this =
reason where the communication is by e-mail, J&E Davy does not accept any r=
esponsibility for any breach of confidence which may arise from the use of =
this medium. If you have received this e-mail in error please notify us imm=
ediately at mailto:helpdesk@davy.ie and delete this e-mail from your system=
.<BR>
</FONT>
</BODY>
</HTML>
------_=_NextPart_001_01C4C25F.52F20712--