HP UX System Adstration manual Consolidating Package Logs on the Log Consolidation Server

Page 74

For the log line:

log { source(s_syslog_type); filter (f_node1_text1);destination(d_node1_text1); flags(final);};

where text1 is the text logfile name, node1 is the relocatable IP address (for a Serviceguard cluster) or hostname (for a non-Serviceguard cluster) that is forwarding this text log, fs is the filesystem on the log consolidator where the consolidated logs will be stored, type is the “s_source” definition, either _tcp or _udp, depending on the log transport selected, and textdir is the name of the directory where you plan to store all text logs.

2.If the log consolidator is a Serviceguard cluster, make sure to copy the edited /etc/ syslog-ng.conf.serverfile cluster-wide with the following command:

# ccp /etc/syslog-ng.conf.server /etc/

3.sighup syslog-ngon the log consolidator so that it rereads its configuration file. (sighup is a UNIX method for restarting a process.) On a Serviceguard log consolidator, sighup syslog-ngonly on the adoptive node of the clog package.

3.3.2.3.3.3 Stopping Consolidation of Text Logs

To stop consolidation of text logs, complete the following tasks for each system where you plan to stop log consolidation:

1.Edit the system’s /etc/rc.config.d/syslog-ngfile. For each ASCII log file you plan to stop consolidating, do the following:

Remove the CLOG_TEXT_LOG[] and the corresponding CLOG_TEXT_FORMAT[] entry for that text log, if present.

For example, to stop consolidation of the text log myapp.log, remove the following entries from the /etc/rc.config.d/syslog-ngfile:

CLOG_TEXT_LOG[4]=/var/opt/myapp.log CLOG_TEXT_FORMAT[4]="syslog"

2.After making the required edits, restart syslog-ngusing the command:

/sbin/init.d.syslog-ng restart so that the changes to the /etc/rc/config.d/ syslog-ng file take effect.

If the system is a Serviceguard cluster, copy the edited /etc/rc.config.d/syslog-ngfile cluster-wide with the following command:

# ccp /etc/syslog-ng.conf.server /etc/

Restart syslog-ngon all cluster nodes.

3.For each text log that is deleted from a client that is forwarding its text logs, delete the corresponding destination, filter and log lines from the /etc/syslog-ng.conf.serverfile of the log consolidator. syslog-ngon the log consolidator must be sighup’d so that it rereads this configuration file.

On a Serviceguard log consolidator, the updated /etc/syslog-ng.conf.serverfile must be distributed cluster-wide. However, the sighup of syslog-ngneeds to be done only on the adoptive node of the clog package.

3.3.2.4Consolidating Package Logs on the Log Consolidation Server

When remote Serviceguard clusters forward package log data to a log consolidation server, the default is to place all forwarded log messages in the consolidated syslog.log file on the consolidation server. It can be much more convenient to place these messages in cluster-specific consolidated package log files instead of in the consolidated syslog.log file. This can be achieved using syslog-ng’s filtering rules as follows:

74 Consolidated Logging

Page 73 Page 75
Image 74
Page 73 Page 75
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index Syslog-ngLog-Forwarding Configuration List of FiguresList of Tables Consolidated Logging CommandsTarget Node Error Messages Typographic Conventions About this DocumentIntended Audience Related InformationProduct Support HP Encourages Your Comments Introduction Consolidated Logging Commands Distributed Systems Administration Utilities CommandsConfiguration Synchronization Command Command Fanout CommandsOpen Source pdsh Commands Utility Setup CommandOpen Source cfengine Commands Open Source ComponentsDsau Manual Page Sections Distributed Systems Administration Utilities Manual PagesOpen Source syslog-ng Command Configuration Synchronization Cfengine OverviewCfengine Daemons and Commands Configuration SynchronizationCfengine Master Server Deployment Models Cfengine OverviewConfiguring cfengine Using the Configuration Synchronization WizardWizard displays the following introductory screen Configuration Data for csyncwizard# /opt/dsau/sbin/csyncwizard Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Cluster Configuration Notes for cfengine Serviceguard Automation FeaturesVar/opt/dsau/cfengine/inputs directory Using the Wizard to Configure a Synchronization Client Opt/dsau/bin/csyncdispatcher Memberadded newhostManual Configuration When prompted, enter the name of the client to add# mkdir -p /var/opt/dsau/cfenginemaster/inputs Manually Configuring a Standalone Synchronization ServerStart by creating the directory # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys # cp localhost.pub root-10.0.0.5.pub# cfrun -- --inform # /sbin/init.d/cfservd start# cfagent --no-lock --verbose --no-splay # cfrun -v -- --verboseInitial Serviceguard Package Preparation # mkdir -p /csync/dsau/cfenginemaster/masterfilesPolicyhost = csync.abc.xyz.com List Managed Clients in cfrun.hostsEdit the cfservd.conf File # /opt/dsau/sbin/cfkey# ccp * /var/opt/dsau/cfengine/ppkeys # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# cp localhost.pub root-192.10.25.12.pub # cexec /sbin/init.d/cfservd startApply the package and start it Test the configuration by performing the following steps# ccp csync csync.conf /etc/cmcluster/csync # cmapplyconf -P csync.conf # cmmodpkg -e csyncConfiguring a Synchronization Managed Client On a managed client, use the commandSecurity Notes Choosing a Synchronization Invocation MethodEncryption Key ExchangeCsync Network Port Usage Encryption Checksum alertsChecksum Alerts Disabling Use of cfengineLogging Options # /sbin/init.d/cfservd stop#cfagent -K Cfengine TroubleshootingSyntax error due to missing or superfluous spaces Unable to connect to a cfengine client or masterCfagent -d, -d1, -d2, or -d3 cfservd Cfrun Syslog Message Format Consolidated LoggingIntroduction to syslog 2describes syslog Facilities MessagesImproved Log Consolidation Log Consolidation OverviewMessage Filtering Syslog Co-existence Etc/cmcluster/package-name/package-name.log Log Consolidation Configuration Syslog-ng Log Consolidator ConfigurationOpt/dsau/sbin/clogwizard Using the Log Consolidation WizardConfiguration Data for clogwizard Answer yes y. The wizard then prompts Where N is the expected number of clientsAnswer yes y or press Enter. The next question is If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Configuring a Log Forwarding Client Using clogwizard Or press Enter. The next question isEnter the ssh port to be used for port forwarding Manually Configuring Log Consolidation Manually Configuring a Standalone Log Consolidation ServerFor example, for TCP # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startReplace the %UDPLOOPBACKLOG% token with If using the TCP protocol, add Create the following symbolic linkChange the Clogconfigured line to Add the following linesLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens If consolidating package logs of this cluster, add Creating the clog PackageIf using VxVM, comment out the LVM Volume Group line Then use cmviewcl to make sure it is running Testing and Starting the clog PackageDistribute it cluster-wide Manually Configuring a Standalone Log Forwarding Client Manually Configuring Log Forwarding ClientsUsing VxVM Instead of LVM Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% Otherwise, if using the UDP protocol, add If using the TCP protocol, add the following linesIf using ssh port forwarding, add Create the following symbolic link on each cluster memberStart syslog-ngon all cluster members using Forwarding Ascii Log DataFor the destination line For the filter lineConsolidating Package Logs on the Log Consolidation Server For the log lineDisabling a Standalone Log Consolidation System Perform the following steps to disable log consolidationDisabling Log Consolidation #/sbin/init.d/syslogd stop#/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Consolidation SystemDisabling a Standalone Log Forwarding Client # /sbin/init.d/syslog-ng stopDisabling a Serviceguard Cluster Log Forwarding Client #/sbin/init.d/syslogd stop #/sbin/init.d/syslogd startSsh Port Forwarding Securing Consolidated LogsLog File Protections # cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Using Bastille to Harden the SystemClog Network Port Usage Starting System Management Homepage Using the System and Consolidated Log ViewerViewing System and Consolidated Logs To log in to the System Management Homepage, navigate toViewing System and Consolidated Logs Page Command Fanout Parallel Distributed ShellSystems Pdsh Utility WrappersAll nodes Cwall displays a wall1M broadcast message on multiple hostsSsh Security Setup Security ConfigurationRemote Shell Security Setup # csshsetup -r -f memberslist.txtRsh Command Messages Command Fanout TroubleshootingSsh Command Messages Target Node Error MessagesHP-Supported Open Source pdsh Options Page Index CfanouthostsLVM UDP
Top Page Image Contents