Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Log File Protections
One level of protection is the permissions on the consolidated log files
themselves. This is controlled via the syslog-ng.conf.server file. Each
syslog-ng “file” destination can have specific permissions specified. If the
log directory for a consolidated file does not exist, syslog-ng can be
instructed to create it (create_dirs(yes)) and to set the directory’s
ownership and permissions as well. For example:
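# Options belong inside file(...). The dir_* options apply to directories
# that syslog-ng creates when create_dirs(yes) is set. dir_perm(0600) has no
# search (x) bit, so only root can enter the directory.
destination d_file {
    file("/clog/test/example.log"
        create_dirs(yes)
        dir_owner(root)
        dir_group(sys)
        dir_perm(0600)
        owner(root)
        group(sys)
        perm(0600)
    );
};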
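The following Python script is an added example, not part of the original guide or of the DSAU tooling. It audits the file() destinations in a syslog-ng server configuration and reports any that omit perm() or owner(), or whose perm()/dir_perm() grants group or other access. The sample configuration (apart from the d_ok entry taken from the example above) and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of syslog-ng.conf.server; d_ok mirrors the
# guide's example, the other destinations and the port number are made up.
SAMPLE_CONF = '''
destination d_ok { file("/clog/test/example.log"
    create_dirs(yes) dir_owner(root) dir_group(sys) dir_perm(0600)
    owner(root) group(sys) perm(0600)); };
destination d_loose { file("/clog/test/app.log" owner(root) perm(0644)); };
destination d_default { file("/clog/test/misc.log"); };
destination d_net { tcp("127.0.0.1" port(1514)); };
'''

OPTION_RE = re.compile(r'(\w+)\(\s*([^()\s]*)\s*\)')

def file_destinations(conf):
    """Yield (path, options) for every file() driver, balancing parentheses."""
    conf = re.sub(r'#.*', '', conf)          # drop comments
    for m in re.finditer(r'\bfile\s*\(', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:       # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        path = re.match(r'\s*"([^"]*)"', body)
        if path:
            yield path.group(1), dict(OPTION_RE.findall(body[path.end():]))

def audit(conf):
    """Return {path: [findings]} for file destinations with weak protections."""
    report = {}
    for path, opts in file_destinations(conf):
        findings = []
        for key in ('perm', 'dir_perm'):
            if key not in opts:
                # dir_perm only matters when syslog-ng creates the directory
                if key == 'perm' or opts.get('create_dirs') == 'yes':
                    findings.append(f'{key}() not set on this destination')
            elif int(opts[key], 8) & 0o077:  # any group/other bit set
                findings.append(f'{key}({opts[key]}) grants group/other access')
        if 'owner' not in opts:
            findings.append('owner() not set')
        if findings:
            report[path] = findings
    return report

if __name__ == '__main__':
    for path, findings in audit(SAMPLE_CONF).items():
        print(path, findings)
```

To check a real configuration, pass the contents of the syslog-ng.conf.server file to audit() instead of SAMPLE_CONF.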
ssh Port Forwarding
ssh port forwarding sets up an encrypted tunnel for the log traffic
between the syslog-ng log forwarding client and the syslog-ng log
consolidation server. This ssh-based tunnel is only available when using
the TCP transport, not UDP. Also, ssh port forwarding is not used when
forwarding log traffic within a Serviceguard cluster (member to
member). Standard TCP or UDP is used for intra-cluster log traffic.
ssh port forwarding is transparent to syslog-ng. The
/etc/syslog-ng.conf.client file is configured so that syslog-ng
forwards log traffic to a local port managed by ssh. The local ssh
connects to the remote sshd on the log consolidation server, and sshd
opens a connection to the standard syslog-ng TCP port. The remote log
consolidation server believes it has a standard log forwarding client and
is unaware of the tunneling taking place.
One problem with ssh tunneling arises when the log consolidation server
fails. If the syslog-ng server stops or crashes, the remote ssh tunnels
disconnect. The client ssh tunnels will try to reconnect at one-minute
intervals. The reconnect time is configurable.
Each failed reconnect attempt is logged to the client’s local syslog.log.
During this time, syslog-ng’s client log
(/var/adm/syslog/syslog-ng.log) will show it trying to reconnect to
the tunnel. The default reconnect time is 10 seconds. This is configurable