This is a discussion on remember central syslog server and forwarding within the HP-UX Operating System forums, part of the Unix Operating Systems category.
Hi

I couldn't find any examples of this on HPUX syslogd and syslog.conf where we have a central syslog server that receives all syslog messages, saves them into the central syslog files and forwards the messages to the appropriate computer or network management station.

Two problems: one, we don't think it is forwarding to the management station; two, it needs to forward to the next management station as the original ID. We're trying to migrate this from a 7 year old Sun system to a new HP UX, and we're not that familiar with HPUX differences.

Or is there an open source package that does what we're looking for?

Anyway, as you can see I would appreciate any suggestions.

Thanks
Mike
On 2006-04-13, mmccaws2 <mmccaws@comcast.net> wrote:
> I couldn't find any examples of this on HPUX syslogd and syslog.conf
> where we have a central syslog server that receives all syslog
> messages, saves them into the central syslog files and forwards the
> messages to the appropriate computer or network management station.
> Two problems, one we don't think it is forwarding to the management
> station, two it needs to forward to the next management station as the
> original ID. We're trying to migrate this from a 7 year old sun system
> to a new HP UX, and we're not that familiar with HPUX differences.

I do large-scale multi-unix-flavour syslog collection - including some forwarding by HP-UX.

Assuming you stick with the native s/w (as I have) you just arrange in syslog.conf on that host to do *both* the forwarding (into the management station) *and* the write to a local file. All other hosts should forward to that one HP box.

After doing this the network management station may think all the traffic comes from one host. If that's a problem then stop forwarding into the station by native syslog and use something that forges source addresses when sending traffic to the management station. The blurb with netcat explains how. You'll probably need to run that as root. I don't know a product that does this - there probably are some and it doesn't sound hard to do anyway if you read the logfile and generate matching net traffic.

Last week one bloke did over 20 million failed su to root attempts and I stupidly forgot to put that in my weekly report before leaving today.

And some syslog messages aren't worth having. User denied? Yes, but which user?!

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/
Powergen write "Why not stay with us" - let me count the ways!
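
An added example, not code from either poster: a small UDP relay that keeps the originating host visible by writing it into the RFC 3164 HOSTNAME field before forwarding, a different technique from the source-address forging mentioned in the reply. It assumes the management station reads the host from the message header rather than from the packet's source address; `rewrite`, `serve`, the station address `192.0.2.10` and the file name `central.log` are hypothetical.

```python
import re
import socket
from datetime import datetime

# RFC 3164 packet: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
PRI_RE = re.compile(rb"^<\d{1,3}>")
TS_RE = re.compile(rb"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

def rewrite(raw: bytes, src_ip: str, now: datetime) -> bytes:
    """Return the message with a header that names the originating host."""
    m = PRI_RE.match(raw)
    # A packet without a priority gets 13 (user.notice), as RFC 3164 suggests.
    pri, body = (m.group(0), raw[m.end():]) if m else (b"<13>", raw)
    t = TS_RE.match(body)
    if t:
        stamp, rest = t.group(0), body[t.end():]
    else:
        stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S} ".encode()
        rest = body
    first = rest.split(b" ", 1)[0]
    # Heuristic: after a timestamp, a first word not ending in ':' is taken
    # as HOSTNAME (set by the sender or an earlier relay) and kept.
    if t and first and not first.endswith(b":"):
        return pri + body
    # Otherwise record the address the packet actually arrived from.
    return pri + stamp + src_ip.encode() + b" " + rest

def serve(listen=("0.0.0.0", 514), station=("192.0.2.10", 514),
          logfile="central.log"):
    """Receive UDP syslog, append to logfile, forward to the station."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)  # port 514 needs root
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with open(logfile, "ab") as log:
        while True:
            raw, (src_ip, _port) = rx.recvfrom(2048)
            line = rewrite(raw.rstrip(b"\r\n\x00"), src_ip, datetime.now())
            log.write(line + b"\n")
            log.flush()
            tx.sendto(line, station)

if __name__ == "__main__":
    # Constructed sample packets (not taken from the thread).
    when = datetime(2006, 4, 13, 17, 5, 9)
    for pkt in (b"<34>su: 'su root' failed for mike on /dev/pts/1",
                b"<34>Apr 13 17:01:02 su: 'su root' failed for mike",
                b"<34>Apr 13 17:01:02 hostb su: 'su root' failed for mike"):
        print(rewrite(pkt, "198.51.100.7", when).decode())
```

A HOSTNAME that is already present is whatever the sender chose to write, so where the true origin matters the relay's local log can also record `src_ip` alongside each line.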