Solaris log question

black_fender · December 28, 2012, 7:02am

Hello,

I have a monitoring script on machine A which asks a telnet on port 80 on machine B. Machine B is on Solaris :

root@Ma1-fu-mslocwp-1 # uname -a
SunOS Ma1-fu-mslocwp-1 5.10 Generic_144488-09 sun4v sparc sun4v

I want to know when the telnet command launched from machine A cannot establish connection with machine B on port 80 is there any trace in the system logs from machine B. If so, in which log file?

Thank you!

jim_mcnamara · December 28, 2012, 7:15am

I'm not clear on this. Do you mean a login failure? Or something else, like a network issue? What happens is specific to the error, but your question is so general I have no clue what you want.

black_fender · December 28, 2012, 7:29am

Actually I think I was pretty clear

I am on machineA. I launch this command :

 # telnet machineB 80
Trying machineB...
telnet: Unable to connect to remote host: Connection refused

Afterwards I go on machineB. Will I be able to find any trace of this telnet attempt? If so, where ?

---------- Post updated at 07:29 AM ---------- Previous update was at 07:25 AM ----------

As a side note:

There's no communication problem between these 2 machines. I can have a succesfully telnet command from machineA to machineB on a different port. I can also ssh between these 2 machines. My only problem is when the respective process on machineB does not listen on port 80. When that happens (and I detect that woth a telnet from machineA) will I be able to find the trace of that telnet attempt on the destination machine (machineB) ?

PPS:

I do not want to find out why the telnet command fails. I only want to know how/where can I trace these failed telnet attempts on the destination machine (machineB).

fpmurphy · December 28, 2012, 9:51am

By default Solaris does not log telnet attempts.

jim_mcnamara · December 28, 2012, 11:35am

That is a tcp/ip error. Okay, so now you have to enable logging for the transport layer.

inetadm -M tcp_trace=TRUE

turns on logging - it uses syslog. (/var/log/syslog is the file) However on a busy system this incurs overhead, which logging is off by default.

GP81 · December 28, 2012, 1:14pm

It's better to use "-m" rather than "-M. With low letter you can change value for specific service.

# inetadm | grep telnet

Now you know what is FMRI of telnet service.

# inetadm -m <telnet FMRI>  tcp_trace=true

You can also edit syslog.conf file to configure where and with what level daemon log will be stored.