Last reply by 02-01-2023 Unsolved
Start a Discussion
2 Bronze
2 Bronze

Isilon custom syslog port (1/2023)


We have a need to change Dell Isilon syslog port other than default port 514, I know this question has already been asked in 2017 Does anyone know if it’s now possible? We have multiple Isilon's that need to send syslog data to a centralized log ingestor using a unique port. 

Replies (2)
2 Bronze
2 Bronze

We have used the following process to send syslog to splunk, Problem is it seems you have to do it after each upgrade:

#backup /etc/services#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.bak

#make working copy of service#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.working

#comment out and add port to services.working with VI.  Ports are in numerical order
#syslog 514/udp
.syslog XXXX/udp #syslog for splunk

#copy working to /etc on all nodes
isi_for_array cp /ifs/data/Isilon_Data/Servicesbackup/services.working /etc/services 

#restart syslog deamon#
isi_for_Array -s 'pkill -HUP sylogd'isi aud

You should now be able to run a tcpdump for the port and see the logs passing.  



Thanks for sharing.

Latest Solutions
Top Contributor