Figure 3-1 syslog-ng Log-Forwarding Configuration

1. The grey area represents standard syslogd operation. Applications such as Serviceguard’s cmcld daemon call syslog (see syslog(3C)) to send messages to syslogd. syslog writes messages to the local system’s /var/adm/syslog/syslog.log and related files.

Applications also frequently have application-specific log files. In this example, Serviceguard maintains a log of package operations in /etc/cmcluster/package-name/package-name.log.

2. The clog_tail daemon of DSAU, labeled “Log reader” in the diagram, monitors text-based logs and sends new log lines to syslog-ng for processing. In a Serviceguard cluster, clog_tail defaults to monitoring all the package logs.

3. The log_reader sends all new log messages to a named pipe (log_consolidation_fifo), which is one of the log sources for syslog-ng.

4. syslog-ng reads any new data from the named pipe and forwards it to the log consolidation server.

5. The local syslogd, in addition to writing log messages to the local /var/adm/syslog/syslog.log, is configured to forward all messages to the local instance of syslog-ng. syslog-ng, in turn, forwards these messages to the log consolidator. The administrator can choose to use UDP, TCP, or TCP with ssh when forwarding messages.
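
The forwarding path in steps 3 to 5, sketched as a syslog-ng configuration fragment. This is an added illustration, not the configuration DSAU generates; the pipe path, host name, port numbers, the UDP relay from syslogd and the ssh local port forward are all assumptions made for the example.

```conf
# Added illustration, not the configuration DSAU generates.
# Paths, host name and port numbers are constructed placeholders.

# Steps 3 and 4: the named pipe that the log reader writes to.
source s_fifo {
    pipe("/path/to/log_consolidation_fifo");
};

# Step 5: messages relayed by the local syslogd.
# Assumption: syslogd relays over UDP to a loopback-only port.
source s_local_syslogd {
    udp(ip("127.0.0.1") port(1514));
};

# Transport choice 1: UDP. No delivery guarantee, no encryption,
# no authentication of the sender.
destination d_consolidator_udp {
    udp("consolidator.example.com" port(1514));
};

# Transport choice 2: TCP. Reliable delivery, but still clear text
# and unauthenticated on the wire.
destination d_consolidator_tcp {
    tcp("consolidator.example.com" port(1514));
};

# Transport choice 3: TCP with ssh.
# Assumption: an ssh local port forward listens on loopback and
# carries the stream to the consolidator, so syslog-ng connects
# to 127.0.0.1 and the traffic crosses the network encrypted.
destination d_consolidator_ssh {
    tcp("127.0.0.1" port(1515));
};

# Both local sources feed one destination; only the transport the
# administrator selected is referenced here.
log {
    source(s_fifo);
    source(s_local_syslogd);
    destination(d_consolidator_ssh);
};
```

Binding the syslogd relay source to 127.0.0.1 keeps other hosts from injecting messages into the client's forwarding path.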

Figure 3-2 illustrates the configuration on the log consolidation server.
