How to set up HP-UX to forward syslog to Sentinel Syslog Collector

  • 7006166
  • 01-Jun-2010
  • 26-Apr-2012

Environment

Novell Sentinel 6.1
Novell Sentinel RD
3rd Party Operating Systems and Products

Situation

Sentinel Syslog Collector not receiving events from HP-UX syslog

Resolution

UDP 514 is a privileged port, and it is recommended to change the port used by the collector to a free high port.
 
The following steps can be used to forward syslog messages on the high port for HP-UX.
 
HP-UX does not support syslog on TCP, so a UDP syslog server needs to be added to the Sentinel system.

1. In the Sentinel Control Centre, open Event Source Management
2. Add a new Syslog Server
3. Choose UDP as the protocol, but do not use port 514; change the port to 51414
 

On the HP-UX Server:
 
The steps are as follows. (These steps presume you have the syslog service running on the HP-UX machine.)
 
1.   Log in as root
 
2.   Open /etc/syslog.conf

3.   Add a line:  *.info<tab>@<Sentinel Server IP Address>

4.   Save and Close

5.   Open /etc/services

6.   Find  syslog    514/udp and change it to 51414/udp

7.   Save and Close.

8.   Open the /etc/hosts file (in case DNS is not configured or temporarily down)

9.   In the section that your file has for #Linux Servers (the name might differ depending on setup),
      enter a line:   <Sentinel_Server_IP><tab><Sentinel_Server_FQDN><tab><Sentinel_Server_BIOS_Name><tab>#Sentinel Server

10.  Now execute the following commands:
 
/sbin/init.d/syslogd stop
syslogd -v
kill -HUP `cat /etc/syslog.pid`
 
/sbin/init.d/syslogd start
 
Now, open the SCC again, and then go to ESM.
At this stage you should see that an event source is connected to the syslog connector.
Right-click on the server and click on the RAW Data tab.

Log out of the HP-UX server, and test whether you see incoming events when you try to authenticate with an incorrect password.
 
In the RAW Data tab you should see events coming in.
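
If no events arrive, the two HP-UX edits can be checked with a small script. This is an added example, not part of the original article; the function names are hypothetical, 192.0.2.10 is a constructed documentation address, and it assumes, following the <tab> notation in step 3, that the selector and the @host action must be separated by a tab.

```shell
#!/bin/sh
# Added example: verifies the syslog.conf and services edits from the steps above.

# Print the host of every tab-separated forwarding action ("selector<TAB>@host").
forward_targets() {
    awk -F'\t+' '!/^[ \t]*#/ && $2 ~ /^@/ { print substr($2, 2) }' "$1"
}

# Count forwarding lines that use spaces instead of a tab before the "@".
space_separated_forwards() {
    awk '!/^[ \t]*#/ && /^[^ \t]+ +@/ { n++ } END { print n + 0 }' "$1"
}

# Print the UDP port that the services file assigns to "syslog".
syslog_udp_port() {
    awk '!/^[ \t]*#/ && $1 == "syslog" && $2 ~ /\/udp$/ {
             split($2, p, "/"); print p[1]; exit }' "$1"
}

# Usage: check_forwarding SYSLOG_CONF SERVICES COLLECTOR_IP [PORT]
# Returns 0 only when both files match the procedure (port defaults to 51414).
check_forwarding() {
    rc=0
    forward_targets "$1" | grep -Fqx "$3" ||
        { echo "FAIL: no '<selector><tab>@$3' line in $1"; rc=1; }
    [ "$(space_separated_forwards "$1")" -eq 0 ] ||
        { echo "FAIL: a forwarding line in $1 uses spaces, not a tab"; rc=1; }
    [ "$(syslog_udp_port "$2")" = "${4:-51414}" ] ||
        { echo "FAIL: syslog/udp in $2 is not port ${4:-51414}"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: forwarding to $3 on UDP ${4:-51414}"; fi
    return "$rc"
}

# Demo on constructed copies of the two files, not the live /etc files.
demo_dir=${TMPDIR:-/tmp}/syslog-check.$$
mkdir "$demo_dir"
printf '# constructed sample\n*.info\t@192.0.2.10\n' > "$demo_dir/syslog.conf"
printf 'syslog\t51414/udp\t# constructed sample\n' > "$demo_dir/services"
check_forwarding "$demo_dir/syslog.conf" "$demo_dir/services" 192.0.2.10
rm -rf "$demo_dir"
```

On the HP-UX server, call check_forwarding with /etc/syslog.conf, /etc/services and the Sentinel server IP address in place of the demo files.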