Unsolved
1 Rookie
•
2 Posts
0
514
January 31st, 2023 08:00
Isilon custom syslog port (1/2023)
Hi,
We have a need to change Dell Isilon syslog port other than default port 514, I know this question has already been asked in 2017 Does anyone know if it’s now possible? We have multiple Isilon's that need to send syslog data to a centralized log ingestor using a unique port.
No Events found!
tchstnut
1 Rookie
1 Rookie
•
16 Posts
1
January 31st, 2023 10:00
We have used the following process to send syslog to splunk, Problem is it seems you have to do it after each upgrade:
#backup /etc/services#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.bak
#make working copy of service#
cp /etc/services /ifs/data/Isilon_Data/Servicesbackup/services.working
#comment out and add port to services.working with VI. Ports are in numerical order
.
#syslog 514/udp
.
.syslog XXXX/udp #syslog for splunk
#copy working to /etc on all nodes
isi_for_array cp /ifs/data/Isilon_Data/Servicesbackup/services.working /etc/services
#restart syslog deamon#
isi_for_Array -s 'pkill -HUP sylogd'isi aud
You should now be able to run a tcpdump for the port and see the logs passing.
tiger1444
1 Rookie
1 Rookie
•
2 Posts
0
February 1st, 2023 10:00
Thanks for sharing.