Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Conﬁguring a System

Using Distributed Systems Administration Utilities

Chapter 3 223

b. Edit the system’s /etc/syslog.conf ﬁle to forward log messages to

port 514 on the local host where they will be read by syslog-ng.

Using the HP-UX default /etc/syslog.conf as the example, add the

following lines:

mail.debug @<fully qualified hostname>

*.info;mail.none @<fully qualified hostname>

Where <fully qualified hostname> is the fully qualiﬁed hostname

of this system. The name must be fully qualiﬁed or syslogd will not

forward the messages properly.

If you have customized syslog.conf, make sure to add the

forwarding lines for your customizations as well.

c. Stop and restart syslogd for these changes to take effect:

# /sbin/init.d/syslogd stop

# /sbin/init.d/syslogd start

Step 2. To conﬁgure syslog-ng, start with the same syslog-ng.conf templates

used by the clog_wizard.

Copy /opt/dsau/share/clog/templates/syslog-ng.conf.client

.template to /etc/syslog-ng.conf.client. This ﬁle has tokens

named <%token-name%> which are replaced by the wizard based on the

administrator’s answers to the wizard’s questions.

Manually replace the tokens in /etc/syslog-ng.conf.client as

follows:

a. If conﬁguring the system to forward its syslogs to the consolidation

server, replace the <%UDP_LOOPBACK_SOURCE%> token with:

source s_syslog_udp { udp(port(514)); };

Replace the <%UDP_LOOPBACK_LOG%> token with:

log { source(s_syslog_udp); destination(d_syslog_<type>); };

where <type> is either tcp or udp depending on the desired log

transport.

This causes syslog-ng to read the local syslogd’s UDP messages

and send them to the log consolidation server. If you do not want to

consolidate the local syslogs of this system, delete the

<%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.