3.3.1.6 Configuring a Log Forwarding Client Using clog_wizard

There are two ways to configure a log forwarding client: as a standalone machine or as a Serviceguard cluster. When configuring a cluster as a log forwarding client, all the members of the cluster will be configured identically as clients. The wizard asks the same questions and performs the same configuration actions for single systems and for clusters. The examples below show use of clog_wizard on a Serviceguard cluster. After starting clog_wizard, answer “yes” to the following question:

Do you want to configure log consolidation? (y/n) [y]:

or press Enter. The next question is:

You can configure this cluster cluster_member as either a:

-Consolidation server

-Client that forwards logs to a remote consolidation server

Do you want to configure cluster_member as a Consolidation Server? (y/n) [y]: n

Answer “No” here. At this point you are configuring a log forwarding client. The wizard displays the following:

You now need to specify which system will be the consolidator. If the consolidator is a Serviceguard cluster, specify the IP address of the "clog" Serviceguard package for this question. The "clog" package makes log consolidation highly available on the consolidator.

The consolidation server must already be configured.

Enter the hostname or IP address of the consolidator []: clog.usa.xyz.com

After entering the hostname or IP address of the log consolidation server, the wizard asks if you want to use the TCP transport when forwarding log messages:

You can choose to forward logs to the consolidator using either the UDP protocol or the TCP protocol (recommended).

Do you want to use the TCP protocol? (y/n) [y]:

Standard syslogd forwards messages using the UDP protocol. UDP is a high-performance, broadcast-oriented protocol with no flow control or message delivery verification. syslog-ng supports syslogd’s UDP protocol and a TCP protocol. The TCP transport offers both flow control and message delivery checks. However, since TCP is a connection-oriented protocol, it requires additional resources on the log consolidation server. The consolidation server’s max-connections attribute must be set according to the maximum number of expected clients. Refer to the section “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 46) for a discussion of the max-connections setting.
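The following is an added example, not part of this manual or of clog_wizard: a pre-flight check that reads a copy of the consolidator's syslog-ng.conf and confirms that max-connections on the TCP source covers the number of forwarding clients. The sample configuration lines, the function names and the 25-client figure are constructed for illustration, and the check assumes each source statement is written on one line.

```shell
#!/bin/sh
# Added example (not from the manual): compare the max-connections limit of a
# consolidation server's syslog-ng TCP source with the expected client count.

# Constructed sample of server-side syslog-ng.conf lines, not clog_wizard output.
sample_conf() {
cat <<'EOF'
# source s_old { tcp(port(1776) max-connections(500)); };
source s_clog_udp { udp(port(514)); };
source s_clog_tcp { tcp(port(1776) keep-alive(yes) max-connections(10)); };
EOF
}

# tcp_max_connections PORT  (reads syslog-ng.conf text on stdin)
# Prints max-connections of the first uncommented tcp() source on PORT.
# Assumption: each source statement sits on a single line.
tcp_max_connections() {
    awk -v want="port($1)" '
        /^[ \t]*#/ { next }
        index($0, "tcp(") && index($0, want) &&
        match($0, /max-connections\([0-9]+\)/) {
            v = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", v)
            print v
            exit
        }'
}

# capacity_check PORT CLIENTS  (reads syslog-ng.conf text on stdin)
# Returns 0 if the limit covers CLIENTS, 1 if it is too low,
# 2 if no explicit max-connections was found for a tcp() source on PORT.
capacity_check() {
    limit=$(tcp_max_connections "$1")
    if [ -z "$limit" ]; then
        echo "port $1: no explicit max-connections on a tcp() source"
        return 2
    elif [ "$limit" -lt "$2" ]; then
        echo "port $1: max-connections($limit) < $2 clients; extra TCP clients would be refused"
        return 1
    fi
    echo "port $1: max-connections($limit) covers $2 clients"
}

# Demo: 25 cluster members and standalone clients forwarding to port 1776.
sample_conf | capacity_check 1776 25 ||
    echo "-> raise max-connections on the consolidator before adding clients"
```

When checking a real server, replace sample_conf with the contents of its syslog-ng.conf on standard input and count every cluster member as one client.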

If you answer “yes” to using TCP, the next question asks for the TCP port to forward messages to:

Ask the administrator of the consolidation server which TCP port was configured for receiving logs.

Enter the TCP port configured on the CONSOLIDATOR for receiving logs []: 1776

You must use the TCP port selected by the system administrator of the log consolidation server. If the clog_wizard was used to configure the server, the port number is saved in /etc/rc.config.d/syslog-ng as the variable CLOG_TCP_PORT. In this example, TCP port 1776 was used.

If you answer “yes” to the TCP question, the following question is displayed:

The TCP protocol can be used together with Secure Shell port forwarding to enhance security. Each member of this cluster must already have non interactive Secure
