Isilon custom syslog port (1/2023)

Question

Hi, We have a need to change Dell Isilon syslog port other than default port 514, I know this question has already been asked in 2017 Does anyone know if it’s now possible? We have multiple Isilon's that need to send syslog data to a centralized log ingestor using a unique port.

tchstnut · Answer

We have used the following process to send syslog to splunk, Problem is it seems you have to do it after each upgrade:

#backup /etc/services#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.bak

#make working copy of service#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.working

#comment out and add port to services.working with VI. Ports are in numerical order
.
#syslog 514/udp
.
.syslog XXXX/udp #syslog for splunk

#copy working to /etc on all nodes
isi_for_array cp /ifs/data/Isilon_Data/Servicesbackup/services.working /etc/services

#restart syslog deamon#
isi_for_Array -s 'pkill -HUP sylogd'isi aud

You should now be able to run a tcpdump for the port and see the logs passing.

tiger1444 · Answer

Thanks for sharing.

Isilon

Was this post helpful?