HP UX System Adstration manual For the destination line, For the filter line

Page 73

If the text file is already formatted using the syslog-compatible format shown above, then add the corresponding CLOG_TEXT_FORMAT[n]entry with a value of “syslog”.

For example,

CLOG_TEXT_LOG[2]=/var/adm/app/logs/app.log

CLOG_TEXT_FORMAT[2]="syslog"

If no CLOG_TEXT_FORMAT[]entry is made for a corresponding

CLOG_TEXT_LOG[]entry, the default is “custom”.

For an example of a file in syslogformat, see the actual system log file /var/adm/

syslog/syslog.log.

3.After completing the required edits, there are two ways to initiate forwarding for the new log files:

Restarting syslog-ng(recommended if not in a production environment)

Manual restart, that does not disrupt syslog-ng

The procedures are the following:

Restart syslog-ng. For example, issue the following command:

/sbin/init.d/syslog-ng restart

This will disrupt syslog-ngand may cause loss of messages that are being forwarded or consolidated. If your system is not in a production environment, and losing some messages is acceptable, this method is preferable to using the more difficult manual restart.

Start the clog_tail process manually for the text log file.

If the text log file is in syslog format, use the following command:

/opt/dsau/bin/clog_tail -q -n 0 -p log_file_path

If the text log file is in a custom format, use the following command:

/opt/dsau/bin/clog_tail -q -n 0 -p -a log_file_path where log_file_path is the complete path to the ASCII log file.

For example, for a log called myapp.log in custom format, the following command starts clog_tail:

# /opt/dsau/bin/clog_tail -q -n 0 -p -a /var/opt/myapp/myapp.log

If the system is a Serviceguard cluster, copy the edited /etc/rc.config.d/ syslog-ngfile cluster-wide with the following command:

# ccp /etc/syslog-ng.conf.server /etc/

Either restart syslog-ngor start the clog_tail of the text-logon all cluster nodes.

3.3.2.3.3.2 Consolidating Text Logs on the Log Consolidation Server

To consolidate the text logs forwarded from clients to a Log Consolidation Server, complete the following tasks on the Log Consolidation Server:

1.For each text log that will be forwarded from a client, add the following destination, filter and log lines to the file syslog-ng.conf.server, after the section called

HP_AUTOMATED_LOG_FILE_CONSOLIDATION:

For the destination line:

destination d_node1_text1{ file(“fs/textdir/node1_text1.log”); };

For the filter line:

filter f_node1_text1{ program(node1_text1.log); };

3.3 Log Consolidation Configuration

73

Page 72 Page 74
Image 73
Page 72 Page 74
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index List of Figures Syslog-ngLog-Forwarding ConfigurationTarget Node Error Messages Consolidated Logging CommandsList of Tables Intended Audience About this DocumentTypographic Conventions Related InformationProduct Support HP Encourages Your Comments Introduction Configuration Synchronization Command Distributed Systems Administration Utilities CommandsConsolidated Logging Commands Command Fanout CommandsOpen Source cfengine Commands Utility Setup CommandOpen Source pdsh Commands Open Source ComponentsOpen Source syslog-ng Command Distributed Systems Administration Utilities Manual PagesDsau Manual Page Sections Cfengine Overview Configuration SynchronizationConfiguration Synchronization Cfengine Daemons and CommandsCfengine Overview Cfengine Master Server Deployment ModelsUsing the Configuration Synchronization Wizard Configuring cfengine# /opt/dsau/sbin/csyncwizard Configuration Data for csyncwizardWizard displays the following introductory screen Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Serviceguard Automation Features Cluster Configuration Notes for cfengineVar/opt/dsau/cfengine/inputs directory Opt/dsau/bin/csyncdispatcher Memberadded newhost Using the Wizard to Configure a Synchronization ClientWhen prompted, enter the name of the client to add Manual ConfigurationStart by creating the directory Manually Configuring a Standalone Synchronization Server# mkdir -p /var/opt/dsau/cfenginemaster/inputs # cp localhost.pub root-10.0.0.5.pub # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys# cfagent --no-lock --verbose --no-splay # /sbin/init.d/cfservd start# cfrun -- --inform # cfrun -v -- --verbose# mkdir -p /csync/dsau/cfenginemaster/masterfiles Initial Serviceguard Package PreparationList Managed Clients in cfrun.hosts Policyhost = csync.abc.xyz.com# /opt/dsau/sbin/cfkey Edit the cfservd.conf File# cp localhost.pub root-192.10.25.12.pub # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# ccp * /var/opt/dsau/cfengine/ppkeys # cexec /sbin/init.d/cfservd start# ccp csync csync.conf /etc/cmcluster/csync Test the configuration by performing the following stepsApply the package and start it # cmapplyconf -P csync.conf # cmmodpkg -e csyncOn a managed client, use the command Configuring a Synchronization Managed ClientChoosing a Synchronization Invocation Method Security NotesCsync Network Port Usage Key ExchangeEncryption Encryption Checksum alertsLogging Options Disabling Use of cfengineChecksum Alerts # /sbin/init.d/cfservd stopSyntax error due to missing or superfluous spaces Cfengine Troubleshooting#cfagent -K Unable to connect to a cfengine client or masterCfagent -d, -d1, -d2, or -d3 cfservd Cfrun Introduction to syslog Consolidated LoggingSyslog Message Format 2describes syslog Facilities MessagesMessage Filtering Log Consolidation OverviewImproved Log Consolidation Syslog Co-existence Etc/cmcluster/package-name/package-name.log Syslog-ng Log Consolidator Configuration Log Consolidation ConfigurationConfiguration Data for clogwizard Using the Log Consolidation WizardOpt/dsau/sbin/clogwizard Answer yes y or press Enter. The next question is Where N is the expected number of clientsAnswer yes y. The wizard then prompts If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Or press Enter. The next question is Configuring a Log Forwarding Client Using clogwizardEnter the ssh port to be used for port forwarding Manually Configuring a Standalone Log Consolidation Server Manually Configuring Log ConsolidationReplace the %UDPLOOPBACKLOG% token with # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startFor example, for TCP Change the Clogconfigured line to Create the following symbolic linkIf using the TCP protocol, add Add the following linesLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens Creating the clog Package If consolidating package logs of this cluster, addIf using VxVM, comment out the LVM Volume Group line Distribute it cluster-wide Testing and Starting the clog PackageThen use cmviewcl to make sure it is running Using VxVM Instead of LVM Manually Configuring Log Forwarding ClientsManually Configuring a Standalone Log Forwarding Client Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% If using ssh port forwarding, add If using the TCP protocol, add the following linesOtherwise, if using the UDP protocol, add Create the following symbolic link on each cluster memberForwarding Ascii Log Data Start syslog-ngon all cluster members usingFor the filter line For the destination lineFor the log line Consolidating Package Logs on the Log Consolidation ServerDisabling Log Consolidation Perform the following steps to disable log consolidationDisabling a Standalone Log Consolidation System #/sbin/init.d/syslogd stopDisabling a Standalone Log Forwarding Client Disabling a Serviceguard Cluster Log Consolidation System#/sbin/init.d/syslogd start # /sbin/init.d/syslog-ng stop#/sbin/init.d/syslogd stop #/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Forwarding ClientLog File Protections Securing Consolidated LogsSsh Port Forwarding Clog Network Port Usage Using Bastille to Harden the System# cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Viewing System and Consolidated Logs Using the System and Consolidated Log ViewerStarting System Management Homepage To log in to the System Management Homepage, navigate toViewing System and Consolidated Logs Page Parallel Distributed Shell Command FanoutAll nodes Pdsh Utility WrappersSystems Cwall displays a wall1M broadcast message on multiple hostsRemote Shell Security Setup Security ConfigurationSsh Security Setup # csshsetup -r -f memberslist.txtSsh Command Messages Command Fanout TroubleshootingRsh Command Messages Target Node Error MessagesHP-Supported Open Source pdsh Options Page Cfanouthosts IndexLVM UDP
Top Page Image Contents