Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3
Disabling a Serviceguard Cluster Log Forwarding Client
Perform the following steps to deconfigure log forwarding. These steps
need to be done on each cluster member:
Step 1. If syslog messages were being forwarded to the log consolidator, edit
/etc/rc.config.d/syslogd and change SYSLOGD_OPTS to remove the
-N switch. For example, SYSLOGD_OPTS="-D".
Step 2. Edit the system's /etc/syslog.conf file to remove the following lines:
mail.debug @<fully qualified hostname>
*.info;mail.none @<fully qualified hostname>
where <fully qualified hostname> is the fully qualified hostname of
this system.
Step 3. Stop and restart syslogd with the following commands:
# /sbin/init.d/syslogd stop
# /sbin/init.d/syslogd start
Step 4. Stop syslog-ng:
# /sbin/init.d/syslog-ng stop
(Note: this stops the syslog-ng daemon, stops ssh port forwarding if
configured, and stops package log forwarding if configured.)
Step 5. Edit the /etc/rc.config.d/syslog-ng file and change the
CLOG_CONFIGURED line to CLOG_CONFIGURED=0. Remove all other CLOG
lines except for the following:
CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/adm/syslog
Step 6. If ssh port forwarding had been configured, remove the following line
from /etc/services:
clog_ssh <port>/tcp # Consolidated logging with ssh port forwarding
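The following check is an added example, not part of the original guide: it confirms on one cluster member that the file edits from Steps 1, 2, 5 and 6 are in place (it does not verify the daemon restarts in Steps 3 and 4). The names verify_member and fail, and the ROOT path prefix used to check copies of the files, are assumptions of this example.

```shell
#!/bin/sh
# Added example: verifies steps 1, 2, 5 and 6 on one cluster member.
# ROOT is a path prefix (empty for the live system) so copies can be checked.

fail() { echo "FAIL: $*"; rc=1; }

verify_member() {   # usage: verify_member ROOT FQDN
    root=$1 fqdn=$2 rc=0

    # Step 1: the last uncommented SYSLOGD_OPTS assignment must not contain -N.
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTS=//p' "$root/etc/rc.config.d/syslogd" | tail -1)
    case $opts in *-N*) fail "SYSLOGD_OPTS still has -N: $opts" ;; esac

    # Step 2: no uncommented syslog.conf rule may still forward to @FQDN.
    if awk -v h="@$fqdn" '!/^[ \t]*#/ && $NF == h { f = 1 } END { exit !f }' \
        "$root/etc/syslog.conf"; then
        fail "syslog.conf still forwards to @$fqdn"
    fi

    # Step 5: CLOG_CONFIGURED=0 is set and only the two permitted CLOG lines remain.
    clog=$root/etc/rc.config.d/syslog-ng
    grep -qxF 'CLOG_CONFIGURED=0' "$clog" || fail "CLOG_CONFIGURED is not 0"
    extra=$(grep '^[[:space:]]*CLOG' "$clog" | grep -vxF \
        -e 'CLOG_CONFIGURED=0' \
        -e 'CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts' \
        -e 'CLOG_ADDITIONAL_LOG_DIRS[0]=/var/adm/syslog' || true)
    [ -z "$extra" ] || fail "unexpected CLOG lines: $extra"

    # Step 6: the clog_ssh service entry must be gone from /etc/services.
    if grep -q '^[[:space:]]*clog_ssh[[:space:]]' "$root/etc/services"; then
        fail "clog_ssh entry still in /etc/services"
    fi

    [ "$rc" -eq 0 ] && echo "OK: log forwarding is deconfigured"
    return "$rc"
}

# Live check: sh verify_clog.sh <fully qualified hostname>
if [ $# -ge 1 ]; then verify_member "" "$1"; fi
```

Run it on each cluster member after Step 6; a non-zero exit status means at least one edit is still missing.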
Securing Consolidated Logs
On a standard HP-UX system, all users can view the system’s local
/var/adm/syslog/syslog.log. Access to consolidated logs is typically
restricted. The log consolidation server system itself is usually a
restricted access system with strict security policies in place.