Configuring UNIX Computers to Forward Syslog Messages

To forward UNIX syslog messages, a UNIX computer must have an entry in its system logger configuration file (Syslog.conf) that maps syslog messages to the IP address of a MOM agent computer.

To forward UNIX syslog messages to a MOM agent computer

  1. Determine the IP address of the MOM agent computer by running ipconfig at a command prompt on the MOM agent computer; do not specify any parameters when you run ipconfig.

    The IP address of the MOM agent computer is displayed.

  2. Update the Syslog.conf file on the UNIX computer to forward syslog messages to the MOM agent computer.

    The Syslog.conf file must contain an entry for each message type that is forwarded to MOM, as well as the IP address of the MOM agent computer that will receive the syslog message. In the Syslog.conf file, tabs separate the message type and the IP address. The message type is of the form facility.level, such as kern.error, which signifies a kernel error.

    The following facility values are recognized by MOM: auth, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, and uucp.

    The following priority levels, from highest to lowest, are recognized by MOM: emerg, alert, crit, error, warning, notice, info, and debug.

    A good practice is to forward only selected events to MOM. Therefore, instead of sending all events to MOM, only events with a certain priority level are sent.

    The following example sends syslog messages with a priority of error (or higher) to the MOM agent computer identified by the IP address 172.16.0.12. Tabs (not spaces) are used between the message type and the IP address, and the at sign (@) precedes the IP address.

    *.err	@172.16.0.12

    The following example sends syslog user messages with a priority of alert (or higher) to the MOM agent computer that has an IP address of 172.16.0.12.

    user.alert	@172.16.0.12

    Consult your UNIX documentation for additional Syslog.conf file help, as well as for descriptions of the facility and priority level values.

  3. Restart the system logger daemon (syslogd) on the UNIX computer.

    For example, execute the following commands to find the syslog process ID, and then restart the system logger using the new Syslog.conf file.

    ps -A | grep syslog
    kill -HUP <pid>

    Consult your UNIX documentation for additional information about the syslogd daemon.
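The entries added in step 2 can be checked before syslogd is restarted in step 3. The following is an added example, not part of the original documentation or of MOM: a shell function that flags forwarding entries that use spaces instead of tabs, name a facility or level outside the lists above, or point at a host other than the intended MOM agent. The function names `check_forward_entries` and `sample_conf` are hypothetical; accepting `*`, `err`, and several message types joined by `;` follows the page's own examples and standard syslog.conf syntax.

```shell
#!/bin/sh
# Usage: check_forward_entries FILE MOM_AGENT_IP
# Prints one OK/BAD line per forwarding entry; returns 1 if any entry is BAD.
check_forward_entries() {
    awk -v agent="$2" '
    BEGIN {
        # Facility and level names from the lists on this page; "*" and "err"
        # are also accepted because the page uses them in its examples.
        names = "auth cron daemon ftp kern local0 local1 local2 local3 local4"
        names = names " local5 local6 local7 lpr mail mark news syslog user uucp *"
        n = split(names, a, " "); for (i = 1; i <= n; i++) fac[a[i]] = 1
        n = split("emerg alert crit error err warning notice info debug", b, " ")
        for (i = 1; i <= n; i++) lev[b[i]] = 1
    }
    /^#/ || !/@/ { next }   # skip comments and entries that do not forward
    {
        why = ""
        if (split($0, part, /\t+/) != 2 || part[1] ~ / / || part[2] ~ / /)
            why = "message type and address must be separated by tabs only"
        else if (part[2] !~ /^@[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            why = "action must be @ followed by an IP address"
        else if (part[2] != ("@" agent))
            why = "forwards to " part[2] ", not the expected MOM agent"
        else {
            # Standard syslog.conf allows several facility.level pairs joined by ";".
            m = split(part[1], sel, ";")
            for (i = 1; i <= m && why == ""; i++) {
                p = index(sel[i], ".")
                if (p == 0 || !(substr(sel[i], 1, p - 1) in fac) || !(substr(sel[i], p + 1) in lev))
                    why = "unrecognized message type " sel[i]
            }
        }
        if (why == "") print "OK line " NR ": " part[1] " -> " part[2]
        else { print "BAD line " NR ": " why; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: a comment, a valid entry, a space-separated entry,
# a valid two-type entry, an unknown level, a wrong destination, a local file.
sample_conf() {
    printf '# constructed sample\n*.err\t@172.16.0.12\nuser.alert @172.16.0.12\n'
    printf 'kern.error;user.alert\t@172.16.0.12\nmail.loud\t@172.16.0.12\n'
    printf '*.err\t@172.16.0.99\nkern.debug\t/var/log/kern.log\n'
}
```

Run it as `check_forward_entries <path to Syslog.conf> 172.16.0.12`; a nonzero exit status means at least one forwarding entry needs correcting before the daemon is restarted.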

Your UNIX system is now ready to forward syslog messages to a MOM agent. When the MOM agent receives a syslog message, it creates an event that is viewable in the MOM data stream. The event's Parameter1 value is the syslog message priority, and the event's Parameter2 value is the syslog message text. An event's parameters are viewable through the event property's Parameters property page.

If you have more than one UNIX computer, they can forward syslog messages to the same MOM agent. In the MOM Administrator console, the UNIX computers are not included in the All Agents list, but they do appear in the All Computers list.

Note

In addition to configuring a UNIX computer to forward syslog messages to a MOM agent computer, a rule based on a syslog port must be deployed by MOM (to the MOM agent computer, not to the UNIX computer). For more information about deploying a rule based on a syslog port, see Receiving UNIX Syslog Messages in MOM.