If using ssh port forwarding, add | HP UX System Adstration instruction

3.The syslog-ngstartup procedure, /sbin/init.d/syslog-ng, relies on several configuration variables. Edit /etc/rc.config.d/syslog-ngas follows:

a.Change the CLOG_CONFIGURED line to:

CLOG_CONFIGURED=1

b.Add the following lines:

CLOG_CONSOLIDATOR=0

CLOG_CONS_IP=IP address of the log consolidator

c.If using the TCP protocol, add the following lines:

CLOG_TCP=1

CLOG_TCP_PORT=log consolidation server tcp port

If using ssh port forwarding, add:

CLOG_SSH=1

CLOG_SSH_PORT=ssh port chosen otherwise, add:

CLOG_SSH=0

otherwise, if using the UDP protocol, add:

CLOG_TCP=0

If consolidating the local syslogs, add:

CLOG_SYSLOG=1 otherwise add:

CLOG_SYSLOG=0

If consolidating this cluster’s package logs, add:

CLOG_PACKAGE=1 otherwise, add:

CLOG_PACKAGE=0

4.All the files edited thus far need to be distributed cluster-wide:

# ccp /etc/syslog-ng.conf.client /etc/

# ccp /etc/rc.config.d/syslog-ng /etc/rc.config.d/

Create the following symbolic link on each cluster member:

# ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf

5.When using TCP with ssh port forwarding, record the ssh port number you chose above in the /etc/services file. For example, add the line:

clog_ssh 1776/tcp

# Consolidated logging with ssh port forwarding

Add this line to the /etc/services file of each cluster member.

6.To consolidate this cluster’s package logs, additional manual steps are needed on the log consolidation server. Each time a package is created or deleted on this cluster, these steps need to be done. Refer to “Consolidating Package Logs on the Log Consolidation Server” (page 74).

3.3 Log Consolidation Configuration

71

Image 71

HP UX System Adstration manual If using the TCP protocol, add the following lines, If using ssh port forwarding, add

Contents

Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index List of Figures Syslog-ngLog-Forwarding Configuration List of Tables Consolidated Logging CommandsTarget Node Error Messages Related Information About this DocumentIntended Audience Typographic Conventions Product Support HP Encourages Your Comments Introduction Command Fanout Commands Distributed Systems Administration Utilities CommandsConfiguration Synchronization Command Consolidated Logging Commands Open Source Components Utility Setup CommandOpen Source cfengine Commands Open Source pdsh Commands Dsau Manual Page Sections Distributed Systems Administration Utilities Manual PagesOpen Source syslog-ng Command Cfengine Overview Configuration Synchronization Configuration Synchronization Cfengine Daemons and Commands Cfengine Overview Cfengine Master Server Deployment Models Using the Configuration Synchronization Wizard Configuring cfengine Wizard displays the following introductory screen Configuration Data for csyncwizard# /opt/dsau/sbin/csyncwizard Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Serviceguard Automation Features Cluster Configuration Notes for cfengine Var/opt/dsau/cfengine/inputs directory Opt/dsau/bin/csyncdispatcher Memberadded newhost Using the Wizard to Configure a Synchronization Client When prompted, enter the name of the client to add Manual Configuration # mkdir -p /var/opt/dsau/cfenginemaster/inputs Manually Configuring a Standalone Synchronization ServerStart by creating the directory # cp localhost.pub root-10.0.0.5.pub # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys # cfrun -v -- --verbose # /sbin/init.d/cfservd start# cfagent --no-lock --verbose --no-splay # cfrun -- --inform # mkdir -p /csync/dsau/cfenginemaster/masterfiles Initial Serviceguard Package Preparation List Managed Clients in cfrun.hosts Policyhost = csync.abc.xyz.com # /opt/dsau/sbin/cfkey Edit the cfservd.conf File # cexec /sbin/init.d/cfservd start # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# cp localhost.pub root-192.10.25.12.pub # ccp * /var/opt/dsau/cfengine/ppkeys # cmapplyconf -P csync.conf # cmmodpkg -e csync Test the configuration by performing the following steps# ccp csync csync.conf /etc/cmcluster/csync Apply the package and start it On a managed client, use the command Configuring a Synchronization Managed Client Choosing a Synchronization Invocation Method Security Notes Encryption Checksum alerts Key ExchangeCsync Network Port Usage Encryption # /sbin/init.d/cfservd stop Disabling Use of cfengineLogging Options Checksum Alerts Unable to connect to a cfengine client or master Cfengine TroubleshootingSyntax error due to missing or superfluous spaces #cfagent -K Cfagent -d, -d1, -d2, or -d3 cfservd Cfrun 2describes syslog Facilities Messages Consolidated LoggingIntroduction to syslog Syslog Message Format Improved Log Consolidation Log Consolidation OverviewMessage Filtering Syslog Co-existence Etc/cmcluster/package-name/package-name.log Syslog-ng Log Consolidator Configuration Log Consolidation Configuration Opt/dsau/sbin/clogwizard Using the Log Consolidation WizardConfiguration Data for clogwizard Answer yes y. The wizard then prompts Where N is the expected number of clientsAnswer yes y or press Enter. The next question is If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Or press Enter. The next question is Configuring a Log Forwarding Client Using clogwizard Enter the ssh port to be used for port forwarding Manually Configuring a Standalone Log Consolidation Server Manually Configuring Log Consolidation For example, for TCP # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startReplace the %UDPLOOPBACKLOG% token with Add the following lines Create the following symbolic linkChange the Clogconfigured line to If using the TCP protocol, add Log Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens Creating the clog Package If consolidating package logs of this cluster, add If using VxVM, comment out the LVM Volume Group line Then use cmviewcl to make sure it is running Testing and Starting the clog PackageDistribute it cluster-wide Manually Configuring a Standalone Log Forwarding Client Manually Configuring Log Forwarding ClientsUsing VxVM Instead of LVM Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% Create the following symbolic link on each cluster member If using the TCP protocol, add the following linesIf using ssh port forwarding, add Otherwise, if using the UDP protocol, add Forwarding Ascii Log Data Start syslog-ngon all cluster members using For the filter line For the destination line For the log line Consolidating Package Logs on the Log Consolidation Server #/sbin/init.d/syslogd stop Perform the following steps to disable log consolidationDisabling Log Consolidation Disabling a Standalone Log Consolidation System # /sbin/init.d/syslog-ng stop Disabling a Serviceguard Cluster Log Consolidation SystemDisabling a Standalone Log Forwarding Client #/sbin/init.d/syslogd start #/sbin/init.d/syslogd stop #/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Forwarding Client Ssh Port Forwarding Securing Consolidated LogsLog File Protections # cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Using Bastille to Harden the SystemClog Network Port Usage To log in to the System Management Homepage, navigate to Using the System and Consolidated Log ViewerViewing System and Consolidated Logs Starting System Management Homepage Viewing System and Consolidated Logs Page Parallel Distributed Shell Command Fanout Cwall displays a wall1M broadcast message on multiple hosts Pdsh Utility WrappersAll nodes Systems # csshsetup -r -f memberslist.txt Security ConfigurationRemote Shell Security Setup Ssh Security Setup Target Node Error Messages Command Fanout TroubleshootingSsh Command Messages Rsh Command Messages HP-Supported Open Source pdsh Options Page Cfanouthosts Index LVM UDP