Forum Discussion
AIX log ingestion issue
I am sending AIX logs to a central rsyslog server and using the Syslog Connector to pull the logs into Azure Sentinel. The ComputerName field is populating as `Message` and not the actual hostname or IP of the system. Anyone have thoughts on how to fix this?
3 Replies
Long story short, AIX adds a "Message forwarded by $hostname" string. You have to start syslogd on AIX with the flags:
startsrc -a -n -s syslogd
The "-n" flag is programed to suppress the "Message forwarded from <log_host_name>: " string in the beginning of the forwarded syslog messages.The issues happen with older AIX 6.1 and AIX 5.3.
This is how syslogd looks in AIX 6.1 process table:
root 57868508 4718660 0 May 23 - 1:01 /usr/sbin/syslogd -n
And this is how it looks in AIX 7.2 process table:
root 4129234 1311450 0 Feb 06 - 0:10 /usr/sbin/syslogd
What you need to do to clear out the "-n" flag is this:
# chssys -s syslogd -a ""
# stopsrc -s syslogd; startsrc -s syslogd- same issue i am facing.
ackmysyn, i did as you suggested but still hostname ip address is not coming in logs.
any help will be highly appreciated
