cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AIX log ingestion issue

ackmysyn
Copper Contributor

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

AIX log ingestion issue

I am sending AIX logs to a central rsyslog server and using the Syslog Connector to pull the logs into Azure Sentinel. The ComputerName field is populating as `Message` and not the actual hostname or IP of the system. Anyone have thoughts on how to fix this?

1,778 Views
0 Likes
3 Replies
Reply
3 Replies
ackmysyn

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

Re: AIX log ingestion issue

Long story short, AIX adds a "Message forwarded by $hostname" string. You have to start syslogd on AIX with the flags:

startsrc -a -n -s syslogd

1 Like
Reply
jwalasingh

‎Nov 21 2022 12:51 AM

‎Nov 21 2022 12:51 AM

Re: AIX log ingestion issue

same issue i am facing.
@ackmysyn, i did as you suggested but still hostname ip address is not coming in logs.
any help will be highly appreciated
0 Likes
Reply
rich360

‎Jun 12 2023 09:12 AM - edited ‎Jun 12 2023 09:17 AM

‎Jun 12 2023 09:12 AM - edited ‎Jun 12 2023 09:17 AM

Re: AIX log ingestion issue


The "-n" flag is programed to suppress the "Message forwarded from <log_host_name>: " string in the beginning of the forwarded syslog messages.

 

The issues happen with older AIX 6.1 and AIX 5.3.

 

This is how syslogd looks in AIX 6.1 process table:

root 57868508 4718660 0 May 23 - 1:01 /usr/sbin/syslogd -n

 

And this is how it looks in AIX 7.2 process table:

root 4129234 1311450 0 Feb 06 - 0:10 /usr/sbin/syslogd

 

What you need to do to clear out the "-n" flag is this:

# chssys -s syslogd -a ""
# stopsrc -s syslogd; startsrc -s syslogd

0 Likes
Reply