HP UX System Adstration Start syslog-ngon all cluster members using, Forwarding Ascii Log Data

7.Test the configuration by performing the following steps:

a.Run /opt/dsau/sbin/syslog-ng with the -s or --syntax-only option to verify the syntax of the/etc/syslog-ng.conf file. This should be a symbolic link to /etc/ syslog-ng.conf.client as described above.

b.Start syslog-ngon all cluster members using

# cexec “/sbin/init.d/syslog-ng start”

c.If consolidating the local syslogs, use “logger test-message” and make sure this message is in the consolidated syslog.log on the log consolidation server. Note that the logger messages are first sent to the local syslog which forwards them to syslog-ng. By default, syslogd suppresses duplicate messages. If you issue multiple logger test messages, make sure each is unique.

3.3.2.3.3 Forwarding ASCII Log Data

The Consolidated Logging Wizard can automatically configure Serviceguard package logs to be monitored and forwarded as if they were syslog data. These logs are standard ASCII log files. For manual configurations, setting CLOG_PACKAGE=1, as described in “Manually Configuring a Serviceguard Cluster as a Log Forwarding Client” (page 68), automatically takes care of package log forwarding.

You can manually configure log consolidation for arbitrary ASCII log files using the following procedures for:

•Forwarding text logs for consolidation

•Consolidating text logs on the log consolidation server

3.3.2.3.3.1 Forwarding Text Logs for Consolidation

This procedure contains several steps:

1.Make sure the system is configured as a log consolidation client or server. (Check the /etc/ rc.config.d/syslog-ngfile: if CLOG_CONFIGURED=1, the system is configured.) If not, use the Consolidated Logging wizard or the manual configuration methods described in this document to configure the system for log consolidation.

2.Edit the system’s /etc/rc.config.d/syslog-ngfile. For each ASCII log file you plan to consolidate, do the following:

•Add an entry to the CLOG_TEXT_LOG[]array, starting at array index 0. The value for the array entry must be a complete path to the ASCII log file. For example,

CLOG_TEXT_LOG[0]=/var/opt/myapp/myapp.log CLOG_TEXT_LOG[1]=/var/adm/logs/mylog.log

•By default, as each line of the text log is forwarded to the log consolidator, values for several parameters are prepended to each record make the record compatible with syslog record format.

—If the system is part of a Serviceguard cluster, the following values are prepended: date timestamp hostname clustername_logfilename

—If the system is not part of a Serviceguard cluster, the following values are prepended: date timestamp hostname hostname_logfilename

This is equivalent to specifying the following: CLOG_TEXT_FORMAT[n]="custom"

For example, assuming the log files myapp.logand mylog.logare not in syslog format, the original example could have been fully specified as the following:

CLOG_TEXT_LOG[0]=/var/opt/myapp/myapp.log

CLOG_TEXT_FORMAT[0]="custom"

CLOG_TEXT_LOG[1]=/var/adm/logs/mylog.log

CLOG_TEXT_FORMAT[1]="custom"

72 Consolidated Logging