HP-UX System Administration manual: Configuring a Log Forwarding Client Using clog_wizard


3.3.1.6 Configuring a Log Forwarding Client Using clog_wizard

There are two ways to configure a log forwarding client: as a standalone machine or as a Serviceguard cluster. When a cluster is configured as a log forwarding client, all members of the cluster are configured identically as clients. The wizard asks the same questions and performs the same configuration actions for single systems and for clusters. The examples below show use of clog_wizard on a Serviceguard cluster.

After starting clog_wizard, answer “yes” to the following question:

Do you want to configure log consolidation? (y/n) [y]:

or press Enter. The next question is:

You can configure this cluster cluster_member as either a:

-Consolidation server

-Client that forwards logs to a remote consolidation server

Do you want to configure cluster_member as a Consolidation Server? (y/n) [y]: n

Answer “No” here. At this point you are configuring a log forwarding client. The wizard displays the following:

You now need to specify which system will be the consolidator. If the consolidator is a Serviceguard cluster, specify the IP address of the "clog" Serviceguard package for this question. The "clog" package makes log consolidation highly available on the consolidator.

The consolidation server must already be configured.

Enter the hostname or IP address of the consolidator []: clog.usa.xyz.com

After entering the hostname or IP address of the log consolidation server, the wizard asks if you want to use the TCP transport when forwarding log messages:

You can choose to forward logs to the consolidator using either the UDP protocol or the TCP protocol (recommended).

Do you want to use the TCP protocol? (y/n) [y]:

Standard syslogd forwards messages using the UDP protocol. UDP is a high-performance, broadcast-oriented protocol with no flow control or message delivery verification. syslog-ng supports syslogd’s UDP protocol and a TCP protocol. The TCP transport offers both flow control and message delivery checks. However, since TCP is a connection-oriented protocol, it requires additional resources on the log consolidation server. The consolidation server’s max-connections attribute must be set according to the maximum number of expected clients. Refer to the section “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 46) for a discussion of the max-connections setting.

If you answer “yes” to using TCP, the next question asks for the TCP port to forward messages to:

Ask the administrator of the consolidation server which TCP port was configured for receiving logs.

Enter the TCP port configured on the CONSOLIDATOR for receiving logs []: 1776

You must use the TCP port selected by the system administrator of the log consolidation server. If the clog_wizard was used to configure the server, the port number is saved in /etc/rc.config.d/syslog-ng as the variable CLOG_TCP_PORT. In this example, TCP port 1776 was used.

If you answer “yes” to the TCP question, the following question is displayed:

The TCP protocol can be used together with Secure Shell port forwarding to enhance security. Each member of this cluster must already have non interactive Secure
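A pre-check for the TCP port answer above, as an added example that is not part of the HP manual: it reads CLOG_TCP_PORT from a copy of the server's /etc/rc.config.d/syslog-ng without sourcing the file, validates the value, and prints a syslog-ng destination for the chosen transport. The function names, the destination name d_clog, and the assumption that the file holds NAME=value shell assignments are illustrative; the statement clog_wizard itself generates may differ.

```shell
#!/bin/sh
# Added example. CLOG_TCP_PORT and the rc.config.d path come from the manual;
# the function names and the destination name d_clog are hypothetical.

# Print CLOG_TCP_PORT from an rc.config.d-style file WITHOUT sourcing it, so a
# copy received from another host is parsed as data and never executed.
# The last assignment wins, as it would if the file were sourced.
clog_read_port() {
    awk -v q="'" '/^[ \t]*CLOG_TCP_PORT=/ {
        v = $0
        sub(/^[^=]*=/, "", v)              # keep the right-hand side
        sub(/[ \t]*#.*$/, "", v)           # drop a trailing comment
        gsub(/"/, "", v); gsub(q, "", v)   # drop quotes
        sub(/[ \t]+$/, "", v)              # drop trailing blanks
        port = v
    } END { print port }' "$1"
}

# Succeed only for a decimal port number in 1..65535.
clog_valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Render a syslog-ng destination from the wizard answers.
# $1 = tcp|udp, $2 = consolidator hostname or IPv4 address, $3 = port
clog_destination() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    clog_valid_port "$3" || return 1
    printf 'destination d_clog { %s("%s" port(%s)); };\n' "$1" "$2" "$3"
}

# Demo on a constructed sample file (not a real server's configuration).
sample=${TMPDIR:-/tmp}/clog-sample.$$
printf '%s\n' '# constructed sample' 'OTHER_SETTING=1' \
    'CLOG_TCP_PORT=1776   # chosen by the server administrator' > "$sample"
port=$(clog_read_port "$sample")
clog_destination tcp clog.usa.xyz.com "$port"
rm -f "$sample"
```

A value that fails clog_valid_port, such as an assignment with trailing shell text, should be confirmed with the consolidation server's administrator before it is entered in the wizard.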
