I have an interesting problem. Maybe someone could help me. I am trying to get syslog on a netapp filer to log remotely. I have placed the exact commands into the filer syslog.conf for local and remote logging.
I also pinged the remote server to make sure that I could get to it in the first place.
I am currently logging to /etc/messages but not to the remove server:
Here is what my stuff looks like
a rdfile of the syslog.conf (names and IPs were changed to protect the innocent)
#5-30-2000 The syslog admin host is <remote box> cron,daemon,kern,syslog.alert;cron,daemon,kern,syslog.err;cron,daemon,kern,s yslo g.crit;cron,daemon,kern,syslog.emerg @10.0.0.1 auth,cron,daemon,kern,syslog.alert;auth,cron,daemon,kern,syslog.err;auth,cro n,da emon,kern,syslog.crit;auth,cron,daemon,kern,syslog.emerg;auth,cron,daemon,ke rn,s yslog.warning /etc/messages
This seems legitimate. But I could be off. Has anyone else had problems doing remote logging?
Nicholas Pesce Internet Production Services Phone: 847 488-6384 Pager: 888 785 3455 Fax: 847 488 3434
On Tue, 1 Aug 2000, Pesce, Nicholas (FUSA) wrote:
This seems legitimate. But I could be off. Has anyone else had problems I also pinged the remote server to make sure that I could get to it in the first place.
Check that the syslogd on the remote box is set up to receive messages from the network. AFAIK most Linux distributions these days (for example) aren't.
-Ronan
Ronan Mullally wrote:
On Tue, 1 Aug 2000, Pesce, Nicholas (FUSA) wrote:
This seems legitimate. But I could be off. Has anyone else had problems I also pinged the remote server to make sure that I could get to it in the first place.
Check that the syslogd on the remote box is set up to receive messages from the network. AFAIK most Linux distributions these days (for example) aren't.
I was just looking at exactly the same thing today, we log all our syslogs out to one server. Everything else works fine, the filer doesn't. Sounds like a bug of some sort: syslog.conf extract from filer: *.info local5@212.111.41.140 and on our loghost: local4.* /var/log/lb # Netapp01 messages local5.* /var/log/netapp01
The one thing I read was that it had to be tab seperated but I've already checked that.
Chris Good wrote:
syslog.conf extract from filer: *.info local5@212.111.41.140
Following up to my own posts, tut tut. As has just been pointed out to me the faility@ convention doesn't work on filers. Anyone have any ideas on how to point the filer to a different faility?
Chris
On Tue, Aug 01, 2000 at 09:16:45PM -0000, Chris Good wrote:
*.info local5@212.111.41.140
Following up to my own posts, tut tut. As has just been pointed out to me the faility@ convention doesn't work on filers. Anyone have any ideas on how to point the filer to a different faility?
directing to a different facility? I've never seen such a syntax in the syslogd/syslog.conf files I've encountered ("standard" BSD, SunOS, Solaris, Irix, AIX) allowing you to do such a thing (and I can't find that in a recent Debian system either.)
That aside, if you are looking for better filtering at the receiving log host, consider using a different syslogd there (the firewall-toolkit one for example, with its useful regexp features) or (my preference) feeding all your interesting messages into your standard event-handling system.
James.
James R Grinter wrote:
directing to a different facility? I've never seen such a syntax in the syslogd/syslog.conf files I've encountered ("standard" BSD, SunOS, Solaris, Irix, AIX) allowing you to do such a thing (and I can't find that in a recent Debian system either.)
Its pretty standard behaviour networking gear etc to direct syslog requests to a specific facility. I guess I mentally pigeon-hole a filer as an appliance/networking gear rather than a UNIX server.
In any case I think its a pretty usefull thing to be able to do. So how do I go about raising an RFE?
-
chris_good@webtop.com -
James R Grinter -
Pesce, Nicholas (FUSA) -
Ronan Mullally