HP Mini UX System Adstration manual 70

2.To configure syslog-ng, start with the same syslog-ng.conf templates used by the clog_wizard.

On one cluster member, copy the /opt/dsau/share/clog/templates/ syslog-ng.conf.client.template to /etc/syslog-ng.conf.client. This file contains tokens named <%token-name%> which are replaced by the wizard based on the administrator’s answers to the wizard’s questions.

Manually replace the tokens in /etc/syslog-ng.conf.clientas follows:

a.If configuring the cluster to forward its syslogs to the consolidation server, replace the <%UDP_LOOPBACK_SOURCE%> token with:

source s_syslog_udp { udp(port(514)); };

Replace the <%UDP_LOOPBACK_LOG%> token with:

log { source(s_syslog_udp); destination(d_syslog_type); };

where type is either tcp or udp depending on the desired log transport. This causes syslog-ng to read the local syslogd’s UDP messages and send them to the log consolidation server. If you do not want to consolidate the local syslogs of this cluster, delete the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.

b.Replace all the <%TYPE%> tokens with either tcp or udp depending on the desired log transport.

c.Find the line

“destination d_syslog_<%TYPE%> {<%TYPE%>(“<%IP%>”port(<%PORT%>)); };”

If using the UDP protocol, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with 514, the standard UDP port. If using TCP protocol with ssh port forwarding, replace <%IP%> with 127.0.0.1 and <%PORT%> with the port chosen for ssh port forwarding. The same guidelines for choosing a free syslog-ngTCP port apply to this port. For details, refer to “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 46). (Note that the ssh port chosen should be a free port on all cluster members). Non-interactive secure shell authentication must be set up between each member of this cluster and the log consolidator (can use /opt/dsau/bin/csshsetup tool for the configuration). For details, refer to “ssh Port Forwarding” (page 78).

If using the TCP protocol without ssh port forwarding, replace <%IP%> with the IP address of the log consolidation server and <%PORT%> with TCP port chosen on the log consolidator used for log consolidation.

70 Consolidated Logging