Creating a symbolic link from /etc/syslog-ng.conf to the /etc/syslog-ng.conf.client configuration file.

Creating /etc/rc.config.d/syslog-ng, the log consolidation configuration file. Updating the syslog configuration:

Updating the /etc/rc.config.d/syslogd file to add -N to SYSLOGD_OPTS. This stops syslogd from listening to UDP port 514.

Updating the /etc/syslog.conf file for UDP local loopback.

Starting syslogd for the configuration changes to take effect.

Registering the log consolidation ports in the /etc/services file.

Starting syslog-ng.

Successfully configured clustername as a log consolidation client.

For additional information on the configuration actions performed by the clog_wizard, refer to “Manually Configuring a Serviceguard Cluster as a Log Consolidation Server” (page 59).

3.3.2 Manually Configuring Log Consolidation

If you choose not to use the Consolidated Logging Wizard, use the following sections for the manual steps required to configure a log consolidation server and log forwarding clients. Because there are many steps required to set up clients and servers, HP recommends using the clog_wizard.

Manual configuration is required for the following cases:

When a cluster is a log forwarding client and forwarding package logs, manual configuration is required on the consolidation server (standalone or cluster) to filter the package logs appropriately.

When configuring a Serviceguard Cluster as a log consolidator and you require:

Special customization of the clog package

Use of VxVM instead of LVM

Use of the Cluster File System (CFS)

It is often simplest to run the wizard and let it complete the basic configuration and then customize, starting from that point.

The following sections describe the steps required to configure log consolidation systems manually. The systems you can configure manually are:

Standalone log consolidation server

Serviceguard cluster log consolidation server

3.3.2.1Manually Configuring a Standalone Log Consolidation Server

Start by configuring the standard syslogd to co-exist with a syslog-ngconsolidator. By default, syslogd listens for incoming log messages on UDP port 514. If you want to accept UDP syslog messages from remote clients or consolidate this server’s local syslogs, syslog-ngmust listen on UDP port 514. Edit /etc/rc.config.d/syslogd and change SYSLOGD_OPTS to add the -Nswitch, which prevents syslogd from listening on port 514. For example:

SYSLOGD_OPTS=“-D -N”

If you want the local syslog messages from the log consolidation server itself to be part of the consolidated syslog, edit the consolidator’s /etc/syslog.conf file to forward log messages to port 514 on the local host where they will be read by syslog-ng. Using the HP-UX default /etc/syslog.conf as an example, add the following lines:

mail.debug@log-consolidation-server

*.info;mail.none @log-consolidation-server

56 Consolidated Logging

Page 56
Image 56
HP UX System Adstration Manually Configuring Log Consolidation, Manually Configuring a Standalone Log Consolidation Server