How can I send Solaris syslog to a logging server?

Hi

How can I send Solaris syslog to a centralized logging server?

I have tried adding the line below and got an error:

*.err;kern.debug;daemon.notice;mail.crit        @172.16.200.50:5000

And the error I got in /var/adm/messages is:

Jun 10 13:02:24 aresdb-new.alshaya.com syslogd: line 14: WARNING: 172.16.200.50:5000 could not be resolved
Jun 10 13:02:24 aresdb-new.alshaya.com syslogd: line 25: WARNING: loghost could not be resolved

How do I fix this?

You did not get an ERROR but a WARNING, which states it cannot resolve the specified address. Can you resolve 172.16.200.50 via nslookup from the command line?

Have you checked if the central syslog server is receiving logs from the box?

Regards
Peasant.

It's pinging from the client machine.

root@aresdb-new.example.com #nslookup 172.16.200.50
Server:         172.16.100.19
Address:        172.16.100.19#53

** server can't find 50.200.16.172.in-addr.arpa: NXDOMAIN

root@aresdb-new.example.com #ping 172.16.200.50
172.16.200.50 is alive

Is the syslog port (514) open on the server? The daemon running? Listening on 5000? 514?

Yes, the port is 5000, not 514, and it's listening on that port.

Have you checked whether the remote syslog machine is receiving logs from that specific host?

I have tried tcpdump against the client IP.

Also, my logging server is Logstash with a Kibana front end.

I think the Solaris syslogd is fixed to port 514/udp.

But the Solaris box is my client, not the syslog server.

I suspect it is also restricted to only send to 514/udp.
man syslog.conf talks of @server and does not mention a port modifier.

MadeInGermany is right. Either your central log server has to listen on port 514 to receive messages from the Solaris box, or you have to install another syslogd on Solaris.
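
A pre-flight check for the problem diagnosed in this thread, added here as an example (it is not code from any of the posters): it scans syslog.conf text for remote actions written as @host:port, which the stock syslogd treats as a host name to resolve, and for entries that use spaces instead of tabs between selector and action. The function name, finding codes and sample configuration are constructed for illustration.

```python
import re

# Constructed sample, modelled on the entry quoted in the thread (not a real config).
SAMPLE_CONF = (
    "# constructed sample\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t@172.16.200.50:5000\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t@172.16.200.50\n"
    "mail.debug\t\tifdef(`LOGHOST', /var/log/syslog, @loghost)\n"
    "*.alert        @172.16.200.50\n"
)


def lint_syslog_conf(text):
    """Return [(line_number, code)] for entries the stock Solaris syslogd mishandles."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and m4 block delimiters (m4 is not expanded here).
        if not line or line.startswith(("#", "ifdef(", ")")):
            continue
        if "\t" in line:
            action = re.split(r"\t+", line, maxsplit=1)[1].strip()
        else:
            # syslog.conf requires tabs between the selector and the action.
            parts = line.split(None, 1)
            findings.append((lineno, "space-separated"))
            if len(parts) != 2:
                continue
            action = parts[1].strip()
        if action.startswith("@"):
            host, sep, port = action[1:].rpartition(":")
            # "@host:5000" is looked up as the host name "host:5000" and fails,
            # as in the WARNING shown in the thread. Skip IPv6-looking targets.
            if sep and port.isdigit() and ":" not in host:
                findings.append((lineno, "port-suffix"))
    return findings


if __name__ == "__main__":
    for lineno, code in lint_syslog_conf(SAMPLE_CONF):
        print("line %d: %s" % (lineno, code))
```

To check a real file, pass its contents: lint_syslog_conf(open("/etc/syslog.conf").read()).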