On an AIX 7.2 machine I need to send the syslogs to a different machine, and as instructed I have added my log server IP address in the /etc/syslog.conf file like this:
kern.debug;mail.debug;daemon.debug;syslog.debug;uucp.debug;local0.debug @11.11.11.11
Now I need to configure this to use a different port rather than the default 514/udp one to 601/tcp so I went and changed this line in the /etc/services file:
syslog 514/udp #
to
syslog 601/tcp #
Did a refresh -s inetd; stopsrc -s syslogd; sleep 2; startsrc -s syslogd
even if I'm pretty sure that only refresh -s syslog
should suffice and observed by issuing a lssrc -s syslogd
that syslogd service is inactive.
Now I cannot debug this as I don't have any logs being generated anymore and my errpt doesn't show me anything either.
If I switch back to the 514/udp port the syslogd service will start up correctly.
Also tried to add the port number after in the /etc/syslog.conf file like this:
kern.debug;mail.debug;daemon.debug;syslog.debug;uucp.debug;local0.debug @11.11.11.11:601
but even if the syslogd is running, I don't see any change in logs being transmitted to the log server.
I do see 2 syslog-conn service being listed in the /etc/services file that point to the same 601 like this:
syslog 514/udp #
syslog-conn 601/tcp # Reliable Syslog Service
syslog-conn 601/udp # Reliable Syslog Service
but couldn't find anything related to this syslog-conn in IBM's documentation.
The output of netstat -an | grep 514
is udp 0 0 *.514 *.*
I can manually connect using telnet to 11.11.11.11 using port 601 from my machine.
So why can I still not start the service using port 601 for syslog, and finally, what should I do in order to receive logs to the AIX server?
Well, switching a service from udp to tcp is a massive change in terms of how the receiver needs to work, and is not insignificant on the sender either. Changing a config file won't magically produce the necessary code. – user1686 – 2019-10-02T14:58:02.773
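The receiver-side difference the comment points to, as an added example that is not part of the original thread: a UDP datagram is one whole syslog message, while a TCP collector reads a byte stream and has to find message boundaries itself. It assumes the collector speaks plain TCP syslog with RFC 6587 framing; the function names, the length limit and the sample messages are constructed for illustration.

```python
# Added example. Assumes plain TCP syslog with RFC 6587 framing on the collector.
MAX_LEN = 8192  # assumed sanity limit for a length prefix

def extract_frames(buf: bytes):
    """Split a TCP byte stream into (complete_messages, unconsumed_tail)."""
    messages = []
    while buf:
        if buf[:1] == b"<":
            # Non-transparent framing: message starts at PRI, ends at LF.
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                      # rest of the message not here yet
            messages.append(line)
            buf = rest
        elif buf[:1].isdigit():
            # Octet counting: "<decimal length> <message>".
            head, sep, rest = buf.partition(b" ")
            if not head.isdigit() or not 0 < int(head) <= MAX_LEN:
                raise ValueError("bad length prefix")
            if not sep or len(rest) < int(head):
                break                      # prefix or body still incomplete
            n = int(head)
            messages.append(rest[:n])
            buf = rest[n:]
        else:
            raise ValueError("stream out of sync")
    return messages, buf

def feed_chunks(chunks):
    """Simulate recv() returning arbitrary pieces of the stream."""
    pending, out = b"", []
    for chunk in chunks:
        msgs, pending = extract_frames(pending + chunk)
        out.extend(msgs)
    return out, pending

# Constructed sample messages (not taken from the page).
M1 = b"<13>Oct  2 14:58:02 aixhost syslogd: restart"
M2 = b"<30>Oct  2 14:58:03 aixhost inetd[1234]: refreshed"
# One LF-terminated frame followed by one octet-counted frame.
STREAM = M1 + b"\n" + str(len(M2)).encode() + b" " + M2
# TCP gives no message boundaries: deliver the stream 7 bytes at a time.
CHUNKS = [STREAM[i:i + 7] for i in range(0, len(STREAM), 7)]

if __name__ == "__main__":
    print(feed_chunks(CHUNKS))
```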