
Welcome to another post in our series of configuration instructions for enabling monitored systems to send system logs to a central logging server. This time: HP-UX.

This post contains the information needed to configure a Hewlett-Packard UNIX event source. The tested platform is based on HP-UX version 11, and C2 v11 (Security and Authentication messages only).

To configure HP-UX for centralized logging:

1. Log in to the HP-UX server.

2. Turn on debugging and logging for an application (e.g. the ftp daemon).

a. Open the /etc/inetd.conf file in a text editor (e.g. vi – our favorite).

b. Add -v -l to the ftp line:

/usr/lbin/ftpd -v -l

c. Save the file and close the text editor.

3. Log all messages of debug level or higher.

a. Open the /etc/syslog.conf file in a text editor.

b. Add the following line, where xxx.xxx.xxx.xxx is the address of the log collector server (e.g. our log collector is 192.168.0.10):

*.debug     @xxx.xxx.xxx.xxx

Important: Insert a TAB character between debug and @xxx.xxx.xxx.xxx

c. Save the file and close the text editor.

4. To make syslogd re-read its configuration file, send it a HANGUP signal:

kill -HUP `cat /var/run/syslog.pid`

5. To tell the inetd daemon to read the configuration files:

inetd -c

6. To start the inetd daemon in logging mode:

inetd -l

NOTE: Start inetd automatically with logging by placing a -l flag in the /sbin/init.d/inetd file where inetd is being started.
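
A quick pre-check for steps 2 and 3 before signalling the daemons, as an added example that is not part of the original post: it confirms that the forwarding line is TAB-separated and that the ftp entry carries both -v and -l. The function names, the sample files and the full layout of the sample ftp line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint the files edited in steps 2 and 3.

# check_forward FILE COLLECTOR
#   0 = "*.debug<TAB>@COLLECTOR" present and well formed
#   1 = a forwarding line for COLLECTOR uses something other than TABs
#   2 = no forwarding line for COLLECTOR
check_forward() {
    awk -v host="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        $1 == "*.debug" && $NF == "@" host {
            sep = $0                               # isolate the separator
            sub(/^\*\.debug/, "", sep); sub(/@.*$/, "", sep)
            if (sep ~ /^\t+$/) ok = 1; else bad = 1
        }
        END { if (bad) exit 1; if (ok) exit 0; exit 2 }
    ' "$1"
}

# check_ftpd FILE: 0 when the active ftp line passes both -v and -l to ftpd
check_ftpd() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "ftp" {
            v = 0; l = 0
            for (i = 2; i <= NF; i++) { if ($i == "-v") v = 1; if ($i == "-l") l = 1 }
            if (v && l) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample files; on a real host pass /etc/syslog.conf and /etc/inetd.conf.
tmp=${TMPDIR:-/tmp}/hpux-lint.$$
mkdir -p "$tmp"
printf '*.debug\t@192.168.0.10\n'    > "$tmp/syslog.good"
printf '*.debug     @192.168.0.10\n' > "$tmp/syslog.spaces"
printf 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -v -l\n' > "$tmp/inetd.good"
printf 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd\n'       > "$tmp/inetd.plain"

for f in good spaces; do
    check_forward "$tmp/syslog.$f" 192.168.0.10 && r=0 || r=$?
    echo "syslog.$f -> $r"
done
for f in good plain; do
    check_ftpd "$tmp/inetd.$f" && r=0 || r=$?
    echo "inetd.$f -> $r"
done
```

A non-zero result from either function means the corresponding file should be corrected before running steps 4 to 6.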

As always, the most important part is to check that the logs are generated and sent to the log collector. Once you see the logs collected, that is it for configuring the HP-UX server.
Watch out for the next topic in our series, where we list the instructions for another type of server/device.