HP Mini UX System Adstration 3.3Log Consolidation Configuration

Figure 3-2 syslog-ng Log Consolidator Configuration

1.The syslog-ngserver reads the incoming log data from the UDP or TCP connected clients. Note: gray arrows indicate a read operation; black arrows, a write.

2.The grey area is identical to the client configuration in Figure 3-1:“syslog-ngLog-Forwarding Configuration”. In terms of the local system, syslog-ngacts as a client and processes locally forwarded syslog messages and clog_tail messages.

3.The syslog-ngserver processes all messages and filters them into the appropriate consolidated log files. In this specific example, the administrator has created a filesystem named “/clog” to house the consolidated logs. /clog/syslog/ would contain the consolidated syslog-related file. /clog/packages would contain consolidated package logs for a Serviceguard cluster.

3.3Log Consolidation Configuration

The following sections describe how to configure log consolidation servers and log forwarding clients. Configuring a consolidation server is a multi-step process. The clog_wizard tool vastly simplifies the configuration process. If you choose not to use the wizard, the manual configuration steps are also described below.

Configuring Log Consolidation Server in Cross-Subnet Cluster Environments

In a cluster environment, if all the nodes are within the same subnet, then you can configure a server within that cluster environment as the log consolidation server.

However, in a cross-subnet cluster environment, the log consolidation server must be an external system, preferably a quorum server, outside the cross-subnet cluster. You can configure a cross-subnet cluster only as a log forwarding client, with an external system acting as the log consolidation master server. After you configure an external system as the log consolidation master server, the cross-subnet cluster nodes can be configured as log forwarding clients.