HP-UX Syslog: Validate Log Forwarding and Configuration

5. Validate that log forwarding is working properly. If consolidating the cluster’s local syslogs, use “logger test-message” and make sure this message is in the consolidated syslog.log. If you are not consolidating local logs, use the logger command from a log forwarding client.

Note that logger messages are first sent to the local syslogd, which forwards them to syslog-ng. By default, syslogd suppresses duplicate messages. If you issue multiple logger test messages, make sure each is unique. The logger message should appear in the consolidated syslog.log located in the directory specified in the /etc/syslog-ng.conf.server file. For the examples above, that directory would be /clog/syslog/syslog.log.

If consolidating package logs for this cluster, any package actions that generate package log information, such as a package failover, should cause a consolidated package log to appear in /clog/packages.
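
The validation step above as a script, added here as an illustration and not taken from the HP guide: it builds a message that is unique on every call (so duplicate suppression in syslogd cannot hide it) and polls the consolidated log for it. The function names, the TOKEN format and the CLOG variable are assumptions; the default path is the one from the page's examples.

```shell
#!/bin/sh
# Added example: unique logger test message + check of the consolidated log.
# CLOG defaults to the path used in the page's examples.
CLOG="${CLOG:-/clog/syslog/syslog.log}"
CLOG_SEQ=0

# Set TOKEN to a string that differs on every call, so syslogd's duplicate
# suppression cannot swallow a repeated test message.
make_token() {
    CLOG_SEQ=$(( $CLOG_SEQ + 1 ))
    TOKEN="clogtest-$(uname -n)-$$-$(date +%Y%m%d%H%M%S)-$CLOG_SEQ"
}

# Poll a log file for a token: 0 when found, 1 after $3 attempts (default 10).
wait_for_token() {
    _file=$1; _tok=$2; _tries=${3:-10}
    while [ "$_tries" -gt 0 ]; do
        if [ -r "$_file" ] && grep -F -e "$_tok" "$_file" >/dev/null 2>&1; then
            return 0
        fi
        _tries=$(( $_tries - 1 ))
        if [ "$_tries" -gt 0 ]; then sleep 1; fi
    done
    return 1
}

# Send one unique message via logger and look for it in the consolidated log.
# Run where the consolidated log is readable; for a remote forwarding client,
# call make_token and logger there, then wait_for_token on the consolidator.
verify_forwarding() {
    make_token
    logger "$TOKEN" || return 1
    if wait_for_token "$CLOG" "$TOKEN" "${1:-10}"; then
        echo "OK: $TOKEN found in $CLOG"
    else
        echo "FAIL: $TOKEN not found in $CLOG" >&2
        return 1
    fi
}
```

Source the file and run `verify_forwarding 15` to allow up to 15 one-second polls before reporting a failure.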

3.3.2.2.3 Using VxVM Instead of LVM

The default clog package script template assumes that you are using LVM-based storage. To use VxVM storage instead, you must edit the clog package script under /usr/local/cmcluster/conf/clog/clog. Comment out the LVM Volume Group line “VG[0]="xxx"”, uncomment the line “VXVM_DG[0]=”, and enter the VxVM Disk Group.

3.3.2.3 Manually Configuring Log Forwarding Clients

You can configure either a standalone system or a Serviceguard cluster as log forwarding clients. You can also manually configure Serviceguard package logs as if they were syslog data. For each case, you set up both syslogd and syslog-ng.

3.3.2.3.1 Manually Configuring a Standalone Log Forwarding Client

1. Start by configuring the standard syslogd to co-exist with a syslog-ng forwarder.

a. By default, syslogd listens for incoming log messages on UDP port 514. If you want to forward this system's syslogs, syslog-ng must listen on UDP port 514. Edit /etc/rc.config.d/syslogd and change SYSLOGD_OPTS to add the -N switch, which prevents syslogd from listening on port 514. For example:

SYSLOGD_OPTS="-D -N"

b. Edit the system’s /etc/syslog.conf file to forward log messages to port 514 on the local host where they will be read by syslog-ng. Using the HP-UX default /etc/syslog.conf as the example, add the following lines:

mail.debug @fully qualified hostname

*.info;mail.none @fully qualified hostname

where fully qualified hostname is the fully qualified hostname of this system. The name must be fully qualified or syslogd will not forward the messages properly.

If you have customized syslog.conf, make sure to add the forwarding lines for your customizations as well.

c. Stop and restart syslogd for these changes to take effect:

# /sbin/init.d/syslogd stop

# /sbin/init.d/syslogd start
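
A check for step 1 (sub-steps a to c), added here as an illustration and not part of the HP guide: it confirms that SYSLOGD_OPTS carries -N and that every @host action in syslog.conf names a fully qualified host, the two settings that silently break forwarding when wrong. The function names are assumptions; the default file paths are the ones named in the steps above.

```shell
#!/bin/sh
# Added example: verify the syslogd side of a log forwarding client.

# syslogd must run with -N so that syslog-ng can own UDP port 514.
check_syslogd_opts() {
    _opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTS=//p' "$1" | tail -n 1 | tr -d "\"'")
    case " $_opts " in
        *" -N "*) return 0 ;;
        *) echo "SYSLOGD_OPTS lacks -N: '$_opts'" >&2; return 1 ;;
    esac
}

# Every "@host" action must name a fully qualified host, and at least one
# forwarding line must exist. Optional $2: the FQDN the lines must point to.
check_forward_targets() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        $NF ~ /^@/ {
            n++
            host = substr($NF, 2)
            if (host !~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/) {
                printf "line %d: %s is not fully qualified\n", NR, host
                bad++
            } else if (want != "" && host != want) {
                printf "line %d: %s is not %s\n", NR, host, want
                bad++
            }
        }
        END {
            if (n == 0) print "no @host forwarding lines found"
            exit (n == 0 || bad > 0)
        }
    ' "$1" >&2
}

# Run both checks against the files named in the steps above.
check_client_syslogd() {
    _rc=0
    check_syslogd_opts "${1:-/etc/rc.config.d/syslogd}" || _rc=1
    check_forward_targets "${2:-/etc/syslog.conf}" "$3" || _rc=1
    return $_rc
}
```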

2. To configure syslog-ng, start with the same syslog-ng.conf templates used by the clog_wizard.

Copy /opt/dsau/share/clog/templates/syslog-ng.conf.client.template to /etc/syslog-ng.conf.client. This file has tokens named <%token-name%> that are replaced by the wizard based on the administrator’s answers to the wizard’s questions.

Manually replace the tokens in /etc/syslog-ng.conf.client as follows:
