
Syslog on Solaris 10

mamu

Jan 13, 2009, 3:47:49 AM
Hi,
I am not able to receive syslog messages on my Solaris 10 box.
local7.notice /var/log/syslog_info

I have added this line at the end of /etc/syslog.conf. I have
restarted it with: svcadm restart system-log
If I send a test message using: logger -p local7.notice "test", I
can see this being reflected there, but I am not able to get
the syslogs sent from the device into the log file.

And I have a device that sends syslog and I did a snoop on that
device.
snoop 1.1.1.1
Using device /dev/bge0 (promiscuous mode)
1.1.1.1 -> host1 SYSLOG C port=1105 local7.notice: <189>138: 1w1d:
%SYS
host1 -> 1.1.1.1 ICMP Destination unreachable (UDP port 514
unreachable)

So what's happening is that for some reason it is trying to send this
back to that device. Any idea why this might be happening?
Thanks,
Mamu

Michael Tosch

Jan 13, 2009, 7:33:23 AM

syslogd sends back a reply message to the sending host.
If that fails, it seems to drop it. Maybe for security reasons:
a broken/misrouted network packet cannot cause an unwanted entry.

Solve your routing problem.
Make
ping 1.1.1.1
work.

Check /etc/netmasks, run
netstat -r
and check /etc/defaultrouter if your device should be publicly reachable.
If your device is private to your system then add a static route with
route add 1.1.1.1 localhost 1
You might want to write this to a /etc/rc3.d/S99routing file, so
it survives a reboot.

--
echo imhcea\.lophc.tcs.hmo |
sed 's2\(....\)\(.\{5\}\)2\2\122;s1\(.\)\(.\)1\2\11g;1s;\.;::;2'

Wolfgang Ley

Jan 14, 2009, 5:19:16 AM
Hi,

syslogd doesn't send the message back but does send an ICMP message
back (telling the sender that there is nobody listening on UDP port
514).
During installation you can select whether you want to enable remote
network services or not. If you turn off remote network services then
syslogd won't accept remote messages.

You can change the global network services setting using the command
"netservices". I would recommend checking the syslog service though:
% svcprop -p config/log_from_remote system-log
This must return "true" if syslogd should accept messages from remote.
If you get "false" then you can use the following commands to enable
remote syslogs:
# svccfg -s system-log setprop config/log_from_remote = boolean: true
# svcadm refresh system-log
# svcadm restart system-log

Bye,
Wolfgang.
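
Added example, not part of Wolfgang's post: a Bourne shell check that combines the svcprop query quoted above with a test for a UDP 514 listener, so the state behind the "UDP port 514 unreachable" reply can be read off in one step. The `netstat -an -P udp` listener test, the function names and the verdict words are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether Solaris 10 syslogd
# is set up to accept remote messages.

SVC=system-log
PROP=config/log_from_remote

# Print the SMF property value ("true"/"false"), or "unknown" if svcprop fails.
remote_prop() {
    svcprop -p "$PROP" "$SVC" 2>/dev/null || echo unknown
}

# Succeed if a local UDP address ending in ".514" is bound.
# Assumes the Solaris netstat layout: local address in the first column.
udp514_bound() {
    netstat -an -P udp 2>/dev/null | grep '^ *[^ ]*\.514 ' >/dev/null
}

# Combine both checks into one verdict word.
remote_syslog_state() {
    prop=`remote_prop`
    if udp514_bound; then bound=yes; else bound=no; fi
    case "$prop:$bound" in
        true:yes)  echo accepting ;;      # remote messages reach syslog.conf rules
        true:no)   echo needs-restart ;;  # property set, daemon not listening yet
        false:no)  echo local-only ;;     # senders get ICMP port unreachable
        false:yes) echo mismatch ;;       # property and listener disagree: refresh/restart
        *)         echo unknown ;;        # svcprop failed or service missing
    esac
}

# Run the check only when invoked with "report"; sourcing just defines the functions.
if [ "${1:-}" = "report" ]; then remote_syslog_state; fi
```

A host reporting "accepting" takes unauthenticated UDP syslog from any sender that can reach it, so filter port 514 to the expected devices.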

mamu

Jan 15, 2009, 1:57:25 AM

Thanks a lot!!! It's working now. Is there a similar setting I should
do on a Solaris 8 server?

adityag...@gmail.com

Jan 15, 2009, 2:38:56 AM

Thanks everyone for the help with Solaris 10.

Here is the link that tells how to do it for Solaris 8

http://www.sunsolarisadmin.com/solaris-7/disable-remote-logging-in-syslog-daemon/

Cheers,
Aditya
