Troubleshooting
Problem
How do you forward syslog logs from an AIX® system to a specific port on a syslog server?
Symptom
Syslog logs are not forwarded to a syslog server listening on a nondefault port (a port other than 514).
Cause
The native AIX syslogd uses UDP port 514 by default and cannot use TCP port 514 or any other nondefault port. In other words, it does not have the functionality to forward to a nondefault server port.
Resolving The Problem
We recommend switching to rsyslog to be able to forward to a specific syslog server port.
Here are the steps to do that:
1) Download and install rsyslog per the instructions in the following technote:
IBM AIX: How to Download, Install and Use rsyslog In Place of the Native syslog Logging Service
*If the download link in the technote does not work for you, try this one instead:
2) Take a backup copy of your current /etc/syslog.conf, then convert it to rsyslog.conf:
# cp /etc/syslog.conf /etc/syslog.conf.old
# syslog_ssw -c /etc/syslog.conf /etc/rsyslog.conf
3) Edit /etc/rsyslog.conf and set the forwarding target and port:
Default UDP forwarding:
<facility.priority> @<remote_address>:<port_number>
To switch to TCP:
<facility.priority> @@<remote_address>:<port_number>
4) Restart syslogd for the changes to take effect and verify it is operative:
# stopsrc -s syslogd
# startsrc -s syslogd
# lssrc -s syslogd
# ps -ef | grep rsyslog
5) Monitor and see whether syslog messages are being forwarded to the specific syslog server port.
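An added example, not part of the IBM technote: a shell check to run after step 3 that lists every forwarding rule in an rsyslog configuration with its protocol, host and port, so a rule that falls back to the default port 514 or uses the wrong protocol is easy to spot before monitoring in step 5. The function names are hypothetical, and the sample configuration, host names and ports are constructed.

```shell
#!/bin/sh
# List forwarding rules written in the legacy "selector  @host:port" form.
# Output: one line per rule, "<selector> <udp|tcp> <host> <port>".
list_forwards() {   # usage: list_forwards <conf>
    awk '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and non-rule lines
        $2 ~ /^@/ {
            proto = "udp"; target = substr($2, 2)
            if (target ~ /^@/) { proto = "tcp"; target = substr(target, 2) }
            port = 514                     # default when the rule names no port
            if (match(target, /:[0-9]+$/)) {
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print $1, proto, target, port
        }
    ' "$1"
}

# Succeeds only if some rule forwards to host:port over the given protocol.
has_forward() {     # usage: has_forward <conf> <udp|tcp> <host> <port>
    list_forwards "$1" | awk -v p="$2" -v h="$3" -v n="$4" \
        '$2 == p && $3 == h && $4 == n { found = 1 } END { exit !found }'
}

# Constructed sample configuration (host names and ports are made up).
sample_conf() {
    cat <<'EOF'
# local log file, not a forwarding rule
*.info          /var/log/messages
auth.info       @loghost.example.com
*.debug         @@loghost.example.com:6514
daemon.notice   @192.0.2.10:5140
EOF
}

# Demonstration on the sample; point list_forwards at /etc/rsyslog.conf in practice.
conf="${TMPDIR:-/tmp}/rsyslog-sample.$$"
sample_conf > "$conf"
list_forwards "$conf"
has_forward "$conf" tcp loghost.example.com 6514 && echo "TCP forward to port 6514 is configured"
rm -f "$conf"
```

In the sample, the auth.info rule has no port and is reported as UDP port 514, which is the case the technote's symptom describes.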
Document Information
Modified date:
09 January 2023
UID
ibm16839867