Previous Topic: Purging Data from Splunk | Next Topic: Incorrect detection of Date
I've configured standard syslog on a number of Suse Linux servers to log into a SuSe splunk server and they work fine. Using the same method I'm unable to get any HPUX 11i server to log syslog messages to the linux server.
I've checked 514/udp in both services files and also checked that the INET domain socket is in use on hpux.
netstat -an | grep 514 on the splunk server shows:
udp 0 0 :::514 :::*
Any clues ?
[Revised on Tue, 08 Aug 2006 06:58:47 -0700]
Please do check Your syslog forwarders.
/sbin/init.d/syslog stop
syslog -D -d -N
will generate a bitmask showing the forwarding rules,
verify there is one (or many more) that end with FORW,
otherwise the forwarding is not OK.
then, from another shell on the hp-ux simply issue
logger -p crit "test syslog forwarding number 1 pid.$$"
and see if syslogd really forwards it.
remember there are only tabs allowed in syslog.conf, and also
remember to start syslogd again after You're done testing.
florian
You must be logged in to post a reply.
Flash required to play this video.
Click here to download the free Flash Player.