Dear all,
I can set the syslog configuration on the Linux platform and put the log into Graylog successfully, but I cannot figure out the same setting on the AIX platform; it cannot put the syslog into Graylog. I used the default syslogd daemon on AIX and referred to the tech document on the IBM Knowledge web site (URL: https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/s_commands/syslogd.html).
However, it still does not work…
Does anybody know how to set up syslog on AIX correctly, or maybe I missed some step?
Please help, thanks.
Syslog on AIX supports only UDP syslog to the default port 514. So check that you use the Graylog input: Syslog UDP. By default Graylog can't run an input on port 514 (below 1024, because it runs as a normal user, not root), so check iptables to forward UDP 514 to the Graylog input port: https://docs.graylog.org/en/3.2/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024
Check that you use the right syntax in /etc/syslog.conf:
Dear shoothub,
Thank you for your replies. First, I have added the iptables rule to forward UDP 514 to the Graylog input port on the Graylog server. [The rule is like this: iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to 1514]
Should I add the global input Syslog UDP with port 1514 in the Graylog web settings?
Lastly, I ran tcpdump; it looks like there are no messages from the remote host…
sudo tcpdump -A -n -vv -i ens160 udp port 1514
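
A check for the redirect rule discussed in this thread, as an added example that is not part of any post: the function reads the output of `iptables -t nat -S PREROUTING` and reports whether a UDP redirect from port 514 to the Graylog input port exists. The function name and the sample rule sets are constructed for illustration.

```bash
# Added example (not from the thread). Classifies nat PREROUTING rules, as
# printed by `iptables -t nat -S PREROUTING`, for a syslog redirect from
# port 514 to the Graylog input port given as $1.
# Prints: ok          (a UDP redirect is present)
#         wrong-proto (a redirect exists, but not for UDP)
#         missing     (no redirect from 514 to that port)
check_syslog_redirect() {
    input_port="$1"
    found_udp=0
    found_other=0
    while IFS= read -r line; do
        # Pad with a space so "--to-ports 1514" does not match "15140".
        case "$line " in
            *"--dport 514 "*"-j REDIRECT --to-ports ${input_port} "*) ;;
            *) continue ;;
        esac
        # AIX syslogd sends UDP only, so the rule must match UDP.
        case "$line" in
            *"-p udp "*) found_udp=1 ;;
            *) found_other=1 ;;
        esac
    done
    if [ "$found_udp" -eq 1 ]; then
        echo ok
    elif [ "$found_other" -eq 1 ]; then
        echo wrong-proto
    else
        echo missing
    fi
}

# Constructed samples in `iptables -S` format (not captured from a real host).
RULES_TCP='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514'
RULES_UDP='-P PREROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514'
RULES_NONE='-P PREROUTING ACCEPT'

printf '%s\n' "$RULES_TCP"  | check_syslog_redirect 1514   # wrong-proto
printf '%s\n' "$RULES_UDP"  | check_syslog_redirect 1514   # ok
printf '%s\n' "$RULES_NONE" | check_syslog_redirect 1514   # missing

# On the Graylog server (as root), feed it the live rules:
#   iptables -t nat -S PREROUTING | check_syslog_redirect 1514
```

Packet captures see inbound traffic before the nat table rewrites it, so `udp port 514` is the capture filter that shows whether AIX messages reach the interface.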