Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3 211
• Replace the <%FS%> token with the filesystem or directory where the
consolidated logs will be kept. For example,
destination d_syslog { file(“<%FS%>/syslog/syslog.log”); };
becomes:
destination d_syslog { file(“/clog/syslog/syslog.log”); };
Make sure that this directory exists or the appropriate filesystem is
mounted. Since consolidated logs can grow quite large, HP
recommends that this filesystem use the largefiles option and that
there is sufficient room for growth.
• When using TCP, record the port number you choose above in the
/etc/services file.
For example, add the line:
clog_tcp 1776/tcp # Consolidated logging with syslog-ng
• Create the following symbolic link:
ln -sf /etc/syslog-ng.conf.server /etc/syslog-ng.conf
• The syslog-ng startup procedure, /sbin/init.d/syslog-ng relies
on several configuration variables. Edit
/etc/rc.config.d/syslog-ng as follows:
— Change the CLOG_CONFIGURED line to:
CLOG_CONFIGURED=1
— Add the following lines:
CLOG_CONSOLIDATOR=1
CLOG_FS=<directory where the consolidated logs will be stored>
If using the TCP protocol, add:
CLOG_TCP=1
CLOG_TCP_PORT=<tcp port chosen for log consolidation>
otherwise, if using the UDP protocol, add:
CLOG_TCP=0