a. If configuring the system to forward its syslogs to the consolidation server, replace the <%UDP_LOOPBACK_SOURCE%> token with:
source s_syslog_udp { udp(port(514)); };
Replace the <%UDP_LOOPBACK_LOG%> token with:
log { source(s_syslog_udp); destination(d_syslog_type); };
where type is either tcp or udp depending on the desired log transport. This causes
b. Replace all the <%TYPE%> tokens with either tcp or udp depending on the desired log transport.
c. Find the line
“destination d_syslog_<%TYPE%>{<%TYPE%>("<%IP%>" port(<%PORT%>)); };”
If using the UDP protocol, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with 514, the standard UDP port.
If using the TCP protocol with ssh port forwarding, replace <%IP%> with 127.0.0.1 and <%PORT%> with the port chosen for ssh port forwarding. The same guidelines for choosing a free
If using the TCP protocol without ssh port forwarding, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with the TCP port chosen on the log consolidator for log consolidation.
d. Create the following symbolic link:
ln
3.3 Log Consolidation Configuration | 67 |
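The token substitutions in steps a through c can be scripted and checked so that no placeholder survives into the live configuration. The following is an added example, not part of the original guide: the template fragment, the function name render, the address 192.0.2.10 and the forwarded port 5140 are constructed for illustration, and it covers only a system that forwards its syslogs.

```python
import ipaddress
import re

# Constructed template fragment: only the tokens and the destination line
# come from the guide; the real template file contains more than this.
TEMPLATE = '''<%UDP_LOOPBACK_SOURCE%>
destination d_syslog_<%TYPE%>{<%TYPE%>("<%IP%>" port(<%PORT%>)); };
<%UDP_LOOPBACK_LOG%>
'''


def render(template, transport, ip, port):
    """Apply steps a-c for a system that forwards its syslogs."""
    if transport not in ("tcp", "udp"):
        raise ValueError("transport must be tcp or udp")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if transport == "udp" and port != 514:
        raise ValueError("step c uses port 514 for UDP")
    subs = {
        # Step a: local UDP source and the log path to the remote destination.
        "<%UDP_LOOPBACK_SOURCE%>": "source s_syslog_udp { udp(port(514)); };",
        "<%UDP_LOOPBACK_LOG%>":
            "log { source(s_syslog_udp); destination(d_syslog_%s); };" % transport,
        # Step b: transport type. Step c: destination address and port.
        "<%TYPE%>": transport,
        "<%IP%>": ip,
        "<%PORT%>": str(port),
    }
    out = template
    for token, value in subs.items():
        out = out.replace(token, value)
    # A token left behind would make the configuration invalid, so fail early.
    leftover = re.findall(r"<%[A-Z_]+%>", out)
    if leftover:
        raise ValueError("unreplaced tokens: " + ", ".join(sorted(set(leftover))))
    return out


if __name__ == "__main__":
    # TCP through an ssh port forward: destination is the local forwarded port.
    print(render(TEMPLATE, "tcp", "127.0.0.1", 5140))
    # UDP straight to the consolidation server (constructed address).
    print(render(TEMPLATE, "udp", "192.0.2.10", 514))
```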