a.If configuring the system to forward its syslogs to the consolidation server, replace the <%UDP_LOOPBACK_SOURCE%> token with:

source s_syslog_udp { udp(port(514)); };

Replace the <%UDP_LOOPBACK_LOG%> token with:

log { source(s_syslog_udp); destination(d_syslog_type); };

where type is either tcp or udp depending on the desired log transport. This causes syslog-ng to read the local syslogd’s UDP messages and send them to the log consolidation server. If you do not want to consolidate the local syslogs of this system, delete the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.

b.Replace all the <%TYPE%> tokens with either tcp or udp depending on the desired log transport.

c.Find the line

“destination d_syslog_<%TYPE%>{<%TYPE%>(“<%IP%>” port(<%PORT%>)); };”

If using the UDP protocol, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with 514, the standard UDP port.

If using the TCP protocol with ssh port forwarding, replace <%IP%> with 127.0.0.1 and <%PORT%> with the port chosen for ssh port forwarding. The same guidelines for choosing a free syslog-ngTCP port apply to this port. For details, refer to “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 46).

Non-interactive secure shell authentication must be set up between this system and the log consolidator (you can use the /opt/dsau/bin/csshsetup tool for the configuration). For details, refer to “ssh Port Forwarding” (page 78).

If using the TCP protocol without ssh port forwarding, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with TCP port chosen on the log consolidator used for log consolidation.

d.Create the following symbolic link:

ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf

3.3 Log Consolidation Configuration

67