intercept syslog messages?


Post by mick.ohrb.. » Tue, 11 Apr 2000 04:00:00



NB! Disregard previous post... It has wrong reply-to address! Sorry
about that...

Dear AIX users,

I am desperately looking for a way to intercept syslog events BEFORE
they reach syslogd. The reason for this is that I want to implement
syslog-ng (http://www.balabit.hu/products/syslog-ng/index.html). No
problem on Solaris (/etc/.syslog_door, /dev/syslog etc), but HOW to pipe
into these messages in AIX?

I'd appreciate any and all help!

Thank you in advance!

/Mick

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

intercept syslog messages?

Post by mick.ohrb.. » Wed, 12 Apr 2000 04:00:00





> > NB! Disregard previous post... It has wrong reply-to address! Sorry
> > about that...

> > Dear AIX users,

> > I am desperately looking for a way to intercept syslog events BEFORE
> > they reach syslogd. The reason for this is that I want to implement
> > syslog-ng (http://www.balabit.hu/products/syslog-ng/index.html). No
> > problem on Solaris (/etc/.syslog_door, /dev/syslog etc), but HOW to pipe
> > into these messages in AIX?

> $ netstat -u | grep log
> 70056600 dgram       0      0 13138fc0        0 7004fd40        0 /dev/log

> ?

That did it! Works like a charm. Thanks!

Sent via Deja.com http://www.deja.com/
Before you buy.
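
The netstat output quoted above shows /dev/log as a datagram (dgram) Unix-domain socket, so a collector receives local messages by binding that path and reading one datagram per message. The following is an added example, not part of the original thread and not syslog-ng's code: the function names are hypothetical, the socket is created in a temporary directory as a stand-in for /dev/log, the sample message is constructed, and the `<PRI>` prefix is decoded with the usual BSD syslog convention (facility * 8 + severity).

```python
import os
import socket
import tempfile

FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def parse_pri(datagram):
    """Split b'<PRI>text' into (facility, severity, text); PRI = facility*8 + severity."""
    raw = datagram.rstrip(b"\x00\n")
    end = raw.find(b">")
    # A valid header is '<', one to three ASCII digits, '>', with a value <= 191.
    if not raw.startswith(b"<") or not 2 <= end <= 4 or not raw[1:end].isdigit():
        return (None, None, raw.decode("utf-8", "replace"))
    pri = int(raw[1:end])
    if pri > 191:
        return (None, None, raw.decode("utf-8", "replace"))
    fac = pri >> 3
    name = FACILITIES[fac] if fac < 12 else ("local%d" % (fac - 16) if fac >= 16 else str(fac))
    return (name, SEVERITIES[pri & 7], raw[end + 1:].decode("utf-8", "replace"))


def open_log_socket(path):
    """Bind a datagram Unix socket at path, replacing a stale socket file."""
    if os.path.exists(path):
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o666)  # every local user's programs must be able to write to it
    return sock


def demo():
    """Send one constructed message through a temporary socket and decode it."""
    path = os.path.join(tempfile.mkdtemp(), "log")  # stand-in for /dev/log
    server = open_log_socket(path)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.sendto(b"<38>login: FAILED LOGIN 1 FROM host1 FOR root", path)
        return parse_pri(server.recv(8192))
    finally:
        client.close()
        server.close()
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Only one process can be bound to a given socket path, so the stock syslogd has to be stopped before another collector takes over /dev/log.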

 
 
 

1. Sending syslog messages to a remote syslog server

I have successfully set up a centralized syslog server on Linux
accepting logs from remote clients.
The /etc/syslog.conf file on Linux (192.168.1.20) is configured as
follows:
*.*                               /var/log/mainlog

I have remote Linux, Windows, Snort, HP JetDirects, and Cisco devices
logging to it.  I have not been able to get Solaris to send logs
though.
The /etc/syslog.conf file on Solaris 7.0 (192.168.1.10) is configured
as follows:


The /etc/hosts file on Solaris is configured as follows:
192.168.1.20 loghost

After restarting syslog (etc/init.d/syslog stop and then a start), I
do not see any logs being sent.  I tried to log into telnet with an
incorrect password, and /var/adm/ had a log file that shows I
attempted this, but the Linux box did not.

My question is...Are either of these correct?  I would prefer to use

understand that the second line should work as well.  Any ideas?
