cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AIX log ingestion issue

%3CLINGO-SUB%20id%3D%22lingo-sub-2233035%22%20slang%3D%22en-US%22%3EAIX%20log%20ingestion%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2233035%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20sending%20AIX%20logs%20to%20a%20central%20Syslog%20server%20and%20using%20the%20Syslog%20Connector%20to%20pull%20the%20logs%20into%20Azure%20Sentinel.%20The%20ComputerName%20field%20is%20populating%20as%20%60Message%60%20and%20not%20the%20actual%20hostname%20or%20IP%20of%20the%20system.%20Anyone%20have%20thoughts%20on%20how%20to%20fix%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2233222%22%20slang%3D%22en-US%22%3ERe%3A%20AIX%20log%20ingestion%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2233222%22%20slang%3D%22en-US%22%3E%3CP%3ELong%20story%20short%2C%20AIX%20adds%20a%20%22Message%20forwarded%20by%20%24hostname%22%20string.%20You%20have%20to%20start%20syslogd%20on%20AIX%20with%20the%20flags%3A%3C%2FP%3E%3CP%3Estartsrc%20-a%20-n%20syslogd%3C%2FP%3E%3C%2FLINGO-BODY%3E
ackmysyn
New Contributor

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

AIX log ingestion issue

I am sending AIX logs to a central rsyslog server and using the Syslog Connector to pull the logs into Azure Sentinel. The ComputerName field is populating as `Message` and not the actual hostname or IP of the system. Anyone have thoughts on how to fix this?

301 Views
0 Likes
1 Reply
Reply
1 Reply
ackmysyn

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

Re: AIX log ingestion issue

Long story short, AIX adds a "Message forwarded by $hostname" string. You have to start syslogd on AIX with the flags:

startsrc -a -n -s syslogd

0 Likes
Reply