Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3210
same manner as a remote client. In other words, when the
consolidator is a client of itself, it’s configured identically to remote
clients.
If using the UDP protocol or not consolidating the local syslogs of this
server, delete the <%UDP_LOOPBACK_SOURCE%> and
<%UDP_LOOPBACK_LOG%> tokens.
• Replace the <%TYPE%> tokens with either udp or tcp depending on the
desired log transport to support. Note that even when using TCP
clients, UDP clients are also supported if the consolidation of the
server’s local syslogs is configured. There are multiple lines with the
<%TYPE%> token and all must be edited appropriately.
• For the “source s_syslog_<%TYPE%> ” line, replace the <%PORT%>
and <%KEEP_ALIVE%> tokens with appropriate values, as follows:
source s_syslog_<%TYPE%> { <%TYPE%>(port(<%PORT%>) <%KEEP_ALIVE%>); };
For TCP, the port needs to be an available TCP port. See section
“Configuring a Log Consolidation Standalone Server with
clog_wizard” on page 192 for a discussion of selecting an available
port. For UDP, use port 514.
<%KEEP_ALIVE%> applies only when selecting TCP as the log
transport. Replace this token with “keep-alive(yes)” which
instructs syslog-ng to keep connections open when it is rereading
its configuration file. If using UDP, delete this token.
• For the “destination d_syslog_<%TYPE%>” line, replace the <%IP%>
and <%PORT%> tokens:
destination d_syslog_<%TYPE%> { <%TYPE%>(“<%IP>” port(<%PORT%>)); };
For example, for TCP:
destination d_syslog_tcp { tcp(“
local hostname
” port(1776)); };
where the <%IP%> is replaced by the server’s IP address or local
hostname and the <%PORT%> is replaced by the selected TCP port
number.
For UDP:
destination d_syslog_udp { udp(“local hostname” port(514)); }
where <%IP%> is replaced by the server’s IP address or local
hostname and the <%PORT%> token is replaced by 514, the standard
syslog UDP port.