NetBackup vxlogcfg LogToOslog

[MoreFeo]

Hi all.

We've just received a NetBackup Appliance (52XX I think), and I've been asked to redirect all the logs to syslog, so it can be forwarded to AlienVault OSSIM.
I've gone thru the documentation and I've googled around, but I don't find an example on how to redirect the logs.

I've found the vxlogcfg command, and some examples, but I'm a bit confused about Unified Logging, ProductID, OriginatorID, etc...

Does anyone know a good "How to" or quick start guide on NetBackup Logging?
Has anyone already configured logs redirection to syslog?


Thanks.

 

[Martin999]

If you mean you wish to direct the individual logs to the syslog file you can't do this.

The vxlogs can be moved location, as in a different directory and in NBU this should be done with the vxlog commands, so that the log location is set in the nblog.conf file (a file that must not be edited manually).

If I recall correctly, on the appliances the logs are redirected from the 'usual' /usr/openv/logs via a sym link, so I guess this could be changed to a separate directory if you wish.

However, you cannot direct the individual logs to the syslog.

The vxlog file name is important, if it is anything other than what the system creates it as, the you will be unable to run vxlogview for a start.

Guide to logs -

http://www.symantec.com/docs/TECH75805

The OIDs are failrly simple, it's just a number given to id the log as opposed to a name.

111 = nbemm, 116= nbpem 143=mds etc ...

Worth noting that not all of these produce an individual log, for example there is no 'mds' lod file, in this example, mds actually logs into nbemm log. You would only see these 'mds' lines however, if you ran vxlogview with -i 111 as opposed to the more usual -o 111

Martin