HP Mini UX System Adstration 3.3.1.4 Serviceguard Automation Features, 3.3.1.3 Cluster Configuration Notes for clog

Creating /etc/rc.config.d/syslog-ng, the log consolidation configuration file.

Updating the syslog configuration:

Updating the /etc/rc.config.d/syslogd file to add -N to SYSLOGD_OPTS. This stops syslogd from listening to UDP port 514.

Updating the /etc/syslog.conf file for UDP local loopback.

Starting syslogd for the configuration changes to take effect.

Registering the log consolidation ports in the /etc/services file.

Starting syslog-ng.

Setting up the log consolidation server to be highly available.

Configuring the "clog" Serviceguard package.

Applying the "clog" Serviceguard package configuration file.

This will take a moment.

Starting the "clog" Serviceguard package. This will take a few moments...

The "clog" Serviceguard package has been started on cluster_member.

Successfully created the "clog" Serviceguard package.

Successfully configured cluster_member as a log consolidation server.

In a Serviceguard cluster, the adoptive node for the clog package performs the log consolidation functions. All the other cluster members participate as log forwarding clients and send log messages to the relocatable IP address of the clog package.

DSAU maintains two configuration files that control whether the instance of syslog-ng on a particular cluster member operates as a consolidation server or a log forwarding client: /etc/syslog-ng.conf.server and /etc/syslog-ng.conf.client. The symbolic link /etc/syslog-ng.conf points to one of the configuration files. When the cluster is booted, all the members start as log forwarding clients with syslog-ng running on each member. The /sbin/init.d/syslog-ng startup script sets the symbolic link /etc/syslog-ng.conf to point to /etc/syslog-ng.conf.client.

When the clog package starts, the adoptive node restarts that instance of syslog-ngas a log consolidation server instance. The package script resets the /etc/syslog-ng.confsymbolic link to point to /etc/syslog-ng.conf.server. If the clog package is halted, the symlink is changed to point to /etc/syslog-ng.conf.clientand the syslog-nginstance on that member restarted. Note that when a cluster is a log consolidation server, and the package is down, no log consolidation occurs and forwarded log messages are lost.

Cluster members can forward log messages to the consolidator using either UDP or TCP. Within a Serviceguard cluster, ssh port forwarding is not used. ssh port forwarding can be used to secure the log traffic forwarded by remote clients outside the cluster. For additional information, refer to “ssh Port Forwarding” (page 78).

The Distributed Systems Administration Utilities require Serviceguard 11.17 or later. With Serviceguard 11.17 or later, when members are added to or deleted from cluster or packages are

52 Consolidated Logging