Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3
Improved Log Consolidation
The Distributed Systems Administration Utilities (DSAU) uses
syslog-ng, or syslog “Next Generation,” to address the weaknesses of
the traditional syslogd mentioned above.
syslog-ng is an open source syslogd replacement. It performs all the
functions of the standard syslogd in addition to providing features such
as the following:
• Improved filtering functionality - In addition to syslog's
  facility/priority level filtering, syslog-ng can perform regular
  expression filtering against the program name, hostname, text of the
  message itself, the sender's IP address, and so on.
• TCP transport - In addition to syslogd's UDP transport, syslog-ng
  supports a TCP transport which offers better delivery guarantees.

  NOTE: It is important to note that syslog-ng's support for a TCP
  transport does not imply that it safeguards against all message loss.
  For example, if the log consolidation server is down, the remote
  forwarding clients will indeed experience packet loss once their
  buffers are exceeded (the client-side buffer size is configurable with
  syslog-ng). TCP can offer better reliability in general, however, and
  can offer increased security. For example, TCP-based log traffic can
  be encrypted using ssh.

• Log rotation based on output filenames - Log output filenames can be
  based on template names which support macro expansion. For
  example, if the output filename template contains the month macro,
  a new filename will be created each month.
• Launching programs - A message can trigger a program to be
  launched, sending the message to its standard input.
• Log forwarding for arbitrary text-based logs - In conjunction with
  DSAU's clog_tail tool, syslog-ng can be used to forward and
  consolidate arbitrary text-based application log files such as
  Serviceguard's package log files.
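
The following syslog-ng.conf sketch for a consolidation server ties the filtering, TCP transport, filename macro, and program launch features together. It is an added example, not a configuration shipped with DSAU; port 1776, the file paths, the 192.0.2.0 network, the filter pattern, and the notify_admin script are assumptions.

```conf
# Constructed example for a log consolidation server. Port 1776, the
# paths, the 192.0.2.0 network and the notify script are assumptions.

# TCP transport: accept forwarded messages over TCP.
# If clients arrive through an ssh port forward, bind to 127.0.0.1 instead.
source s_clients {
    tcp(ip(0.0.0.0) port(1776));
};

# Filtering beyond facility/priority: regular expressions on the program
# name and the message text, plus a match on the sender's IP address.
filter f_failed_login {
    facility(auth)
    and program("sshd")
    and match("Failed password")
    and netmask(192.0.2.0/255.255.255.0);
};

# Rotation by filename: $YEAR and $MONTH expand per message, so each
# host gets a new file at the start of every month.
destination d_by_month {
    file("/var/log/consolidated/$HOST/syslog.$YEAR-$MONTH" create_dirs(yes));
};

# Launching programs: matching messages are written to the standard
# input of this (hypothetical) script.
destination d_notify {
    program("/opt/example/bin/notify_admin");
};

# Everything from the clients is stored; only failed logins reach the script.
log { source(s_clients); destination(d_by_month); };
log { source(s_clients); filter(f_failed_login); destination(d_notify); };
```

The script named in the program() destination runs with syslog-ng's privileges and reads message text supplied by remote senders, so it should treat its standard input as untrusted data.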