OpenVMS 7.3 on VAX logs on a remote Linux RSYSLOG syslog server |
I wanted to add my QCOCAL hobbyist OpenVMS 7.3 VAX system logs to this central syslog server on my VPS.
Fortunately, all the work has already been done by Doug O'Neal from Homewood Academic Computing at Johns Hopkins University, whose SYSLOGD.C program pretty much worked out of the box.
The only tweak I made to Doug's SYSLOGD.C is to support a second OpenVMS Logical "SYSLOGD_PORT" to specify the UDP port number of my remote RSYSLOG Linux server, since I am not running it on the standard port (514). This is in addition to the "SYSLOGD_SERVER" Logical already supported by Doug's code.
Both Logicals need to be defined in the SYSTEM Logical Table LNM$SYSTEM_TABLE. Something like the following three lines in the OpenVMS startup file (SYS$MANAGER:SYSTARTUP_VMS.COM for my OpenVMS 7.3 VAX installation) suffice to start the VMS SYSLOG client at boot time;
$ define/system syslogd_server "64.137.248.212" ! IP address sanyalnet-cloud-vps.freeddns.org
$ define/system syslogd_port "65514" ! UDP Port that remote syslogd is listening on
$ run/detached/process_name=syslogd/input=nl:/output=nl:/error=nl: DUA0:[TOOLS.SYSLOGD]SYSLOGD.EXE
$ CC SYSLOGD
$ LINK SYSLOGD
Some warning and informationals are generated by the compiler and linker, but nothing to stop SYSLOGD.EXE from being generated and used.
You can also download the source and OpenVMS VAX V7.3 binary executable from my FAL area on QCOCAL over HECNET or over the internet from QCOCAL served by WASD.
Making it secure
The OpenVMS SYSLOGD facility sends log content to the remote RSYSLOG server with no encryption, in cleartext over UDP. This is totally insecure - any rookie hacker could sniff the packets and learn a lot about what is going on with our OpenVMS server.
We need to make the transmission of the logs to the remote server secure.
Fortunately, I have recently setup a secure tunnel for logging to my remote central log server from my other hobbyist servers, as described in this post. This makes it really easy to secure OpenVMS log transmissions to the central server.
First, I identified a syslog server on the local LAN that is already configured as a secure tunnel (stunnel) client to my central log server. I decided to use the same Linux host (10.42.2.2) that is running the SIMH OpenVMS VAX for this purpose. It is directly and quickly accessible from the SIMH VAX (10.42.2.5) because the SIMH VAX network link is just a tun/tap bridge on the same server.
I opened up /etc/rsyslog.conf on this SIMH host Linux server, and uncommented the following lines to allow rsyslog to accept logger connections over network.
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
The TCP syslog reception port did not really need to be opened up for this rsyslog daemon to accept log entries over UDP from SYSLOGD.EXE on OpenVMS VAX, but may come in useful for later projects.
A restart of the rsyslog daemon on the Linux host is required after editing /etc/rsyslog.conf:
# service rsyslog restart
Then I logged into the OpenVMS VAX server and modified the OpenVMS SYSLOGD startup commands to point to the Linux SIMH host instead of the remote syslog server:
$ define/system syslogd_server "10.42.2.2" ! IP address of the host this SIMH VAX is running on
$ define/system syslogd_port "514" ! UDP Port of the host rsyslog server
SYSLOG then needs to be restarted on OpenVMS VAX:
$ show system
$ stop/id=<id of SYSLOGD>
$ run/detached/process_name=syslogd2vps/input=nl:/output=nl:/error=nl: DUA0:[TOOLS.SYSLOGD]SYSLOGD.EXE
Going back to the Linux host, an examination of the logs now reveals the VAX Server is sending logs here:
OpenVMS VAX SYSLOGD,EXE logging to rsyslog logger daemon running on it's own SIMH VAX linus host |
And here is the fun part. Since this rsyslog daemon is already configured to use stunnel to send logs securely to the remote server, the logs from OpenVMS VAX are also forwarded to the remote syslogd daemon over the same secure tunnel.
Sure enough, checking my remote VPS central syslog server log, I see the OpenVMS VAX logs dutifully forwarded by the local SIMH host Linux box.
syslog entries on central rsyslog linux server from OpenVMS VAX forwarded by SIMH VAX Linux host over stunnel secure tunnel |
No comments:
Post a Comment
"SEO" link builders: move on, your spam link will not get posted.
Note: Only a member of this blog may post a comment.