Re: SYSLOG port usage
Thanks, I read those comments and also could not find a way to specify port type or port number from either side.

I am saddened by the inability to change either side of this equation. The IBM equipment will not talk to the IBM software. So much for the mainframe and DASD being a full network citizen like other platforms.

I am not irritated enough to request an enhancement to either the mainframe code OR the DS8884 code. The process is long and convoluted and 'designed by committee'.

I was just hoping to get basic information for urgent problems without buying a suite of SIEM tools or SAN monitoring tools or SNMP tools or any of the other plethora of products. Simple syslog was going to be a basic window to get a kind of real time look at what's going on.

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SYSLOG port usage
On 2022-04-19 03:16 AM, Tom Longfellow wrote:
> I am still left with concerns from the 'sending' end of the syslog information. The DS8884 is using TCP, not UDP. There are no visible means of changing the communication packet type being used.
> My only hope is that the -n version of the z/OS syslog daemon will listen on TCP port 514 (or even 1468) when started up.

The sample in prefix.SEZAINST(SYSLOGD) provides a clue that the syslogd only listens to UDP:

BROWSE TCPIP.SEZAINST(SYSLOGD) Line 25 Col
Command ===> Scroll =
//* If you would like to run two instances of syslogd, make a second *
//* copy of this proc and replace -i with -n in the second instance. *
//* The instance using -n will process only log messages received*
//* over the well-known syslogd port via UDP. One instance must *
//* use -i and the other must use -n in order to run two instances. *
//* *
//* The -c command-line option specifies that syslogd should create *
//* any log files or directories which do not already exist. *
//* *
//* The -i command-line option specifies that syslogd should not *
//* process log messages sent to the well-known syslog port via UDP. *
//*

z/OS syslogd has no parameters for specifying the use of TCP or a non-standard port.

FWIW, a lot of sites are sending their syslog traffic to SIEM products; all such products that I've seen can accept TCP traffic.

--
Regards, Gord Tomlin
Action Software International (a division of Mazda Computer Corporation)
Tel: (905) 470-7113, Fax: (905) 470-6507
Support: https://actionsoftware.com/support/
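Added example, not part of any poster's message and not IBM code: one way to bridge the mismatch described in this thread (a TCP-only sender, a UDP-only syslogd) is a small relay that splits the TCP stream into messages and re-sends each as a UDP datagram to the instance started with -n. It assumes the sender uses one of the two RFC 6587 framings (the thread does not say which the DS8884 uses), and the listen and forward addresses are constructed placeholders.

```python
import socket

MAX_MSG = 8192  # assumed cap on one message, bounds memory per connection

# Handles both RFC 6587 framings: octet-counting ("LEN SP MSG") and LF-terminated.
def split_frames(buf):
    """Split a TCP syslog stream into (complete_messages, unconsumed_tail)."""
    msgs = []
    while buf:
        if buf[:1].isdigit():  # octet-counting: decimal length, space, message
            head, sep, rest = buf.partition(b" ")
            if not sep and len(buf) <= 5 and buf.isdigit():
                break  # length prefix itself is still incomplete
            if not sep or not head.isdigit() or int(head) > MAX_MSG:
                raise ValueError("bad octet-count prefix")
            n = int(head)
            if len(rest) < n:
                break  # wait for the rest of the message
            msgs.append(rest[:n])
            buf = rest[n:]
        else:  # LF-terminated: a message starts with "<PRI>"
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                if len(buf) > MAX_MSG:
                    raise ValueError("unterminated message too long")
                break
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            buf = rest
    return msgs, buf

def relay(listen=("0.0.0.0", 1514), forward=("127.0.0.1", 514)):
    """Accept one TCP sender at a time and re-send each message over UDP."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with socket.create_server(listen) as srv:
        while True:
            conn, _peer = srv.accept()
            with conn:
                buf = b""
                while chunk := conn.recv(4096):
                    try:
                        msgs, buf = split_frames(buf + chunk)
                    except ValueError:
                        break  # drop a sender whose framing cannot be parsed
                    for m in msgs:
                        udp.sendto(m, forward)

if __name__ == "__main__":
    relay()  # constructed defaults; adjust both addresses for the site
```

The receiving syslogd sees the relay's address as the UDP source, not the sender's, and UDP delivery from the relay onward is not acknowledged.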
Re: SYSLOG port usage
Thanks, I am sure that will be part of my final resolution for this situation.

I am still left with concerns from the 'sending' end of the syslog information. The DS8884 is using TCP, not UDP. There are no visible means of changing the communication packet type being used.

My only hope is that the -n version of the z/OS syslog daemon will listen on TCP port 514 (or even 1468) when started up.
Re: SYSLOG port usage
On Apr 18, 2022, at 12:48 PM, Tom Longfellow <03e29b607131-dmarc-requ...@listserv.ua.edu> wrote:
>
> I have been wandering in the wilderness of unix syslogs under z/OS and have
> been unable to find a definitive answer to the following question.
>
> Does z/OS SYSLOGD daemon support TCP protocol connections for incoming
> messages from other hosts??
>

When you start up a syslog daemon on z/OS, you must pass it either ‘-c’ or ‘-n’ as an argument. A daemon with ‘-c’ only accepts local syslog calls, while one with ‘-n’ only accepts remote calls. If you want to do both, you need to start two daemons with the two different arguments. The default JCL IBM supplies has ‘-c’, so if you’re using that it won’t accept remote UDP connections.

Hope this helps.

--
Pew, Curtis G
curtis@austin.utexas.edu
SYSLOG port usage
I have been wandering in the wilderness of unix syslogs under z/OS and have been unable to find a definitive answer to the following question.

Does z/OS SYSLOGD daemon support TCP protocol connections for incoming messages from other hosts??

-- Here are the gory details.

1. A DS8884 - and we want to send syslog information to the syslog server on z/OS (v2.4)
2. Adding the IP address to the syslog configuration of the DS8884 'works' but the connection does not activate or work under 'test'. The DS8884 does not allow selection of the protocol (TCP or UDP).
3. IP tracing shows incoming packets on z/OS with TCP protocol port 514. Those packets are reset rejected.
4. Documentation says that UDP 514 is the default for syslog traffic between hosts.
5. There was documentation for TCP 1468 being a well known port for TCP protocols for syslogd. I have no clue if this is possible on z/OS.

Any ideas??