where the <%IP%> is replaced by the server’s IP address or local hostname and the <%PORT%> is replaced by the selected TCP port number.
For UDP:
destination d_syslog_udp { udp(“local_hostname” port(514)); }
where <%IP%> is replaced by the server’s IP address or local hostname and the <%PORT%> token is replaced by 514, the standard syslog UDP port.
•Replace the<%FS%> token with the filesystem or directory where the consolidated logs will be kept. For example,
destination d_syslog { file(“<%FS%>/syslog/syslog.log”); }; becomes:
destination d_syslog { file(“/clog/syslog/syslog.log”); };
Make sure that this directory exists or the appropriate filesystem is mounted. Since consolidated logs can grow quite large, HP recommends that this filesystem use the largefiles option and that there is sufficient room for growth.
•When using TCP, record the port number you choose above in the /etc/services file. For example, add the line:
clog_tcp 1776/tcp | # Consolidated logging with |
•Create the following symbolic link:
ln
•The
—Change the CLOG_CONFIGURED line to:
CLOG_CONFIGURED=1
—Add the following lines:
CLOG_CONSOLIDATOR=1
CLOG_FS=directory where the consolidated logs will be stored
If using the TCP protocol, add:
CLOG_TCP=1
CLOG_TCP_PORT=tcp port chosen for log consolidation otherwise, if using the UDP protocol, add:
CLOG_TCP=0
If consolidating the local syslogs, add:
CLOG_SYSLOG=1 otherwise add:
CLOG_SYSLOG=0
For a standalone consolidator, add the following:
CLOG_SYSTEM_LOG_CONSOLIDATION_DIR=<consolidated log directory/syslog>
CLOG_SERVICEGUARD_PACKAGE_LOG_CONSOLIDATION_DIR=<consolidated log directory/packages>
—Add the following two values that are used by the System and Consolidated Log Viewer:
CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts CLOG_ADDITIONAL_LOG_DIRS[0]=/var/adm/syslog
•Test the configuration by performing the following steps:
58 Consolidated Logging