Distributed Systems Administration Utilities User's Guide
Figure 3-1 syslog-ng Log-Forwarding Configuration
1. The grey area represents standard syslogd operation. Applications such as Serviceguard’s
cmcld daemon call syslog (see syslog(3C)) to send messages to syslogd. syslog writes
messages to the local system’s /var/adm/syslog/syslog.log and related files.
Applications also frequently have application-specific log files. In this example, Serviceguard
maintains a log of package operations in
/etc/cmcluster/package-name/package-name.log.
2. The clog_tail daemon of DSAU, labeled “Log reader” in the diagram, monitors text-based
logs and sends new log lines to syslog-ng for processing. In a Serviceguard cluster,
clog_tail defaults to monitoring all the package logs.
3. The log_reader sends all new log messages to a named pipe
(log_consolidation_fifo), which is one of the log sources for syslog-ng.
4. The syslog-ng reads any new data from the named pipe and forwards it to the log
consolidation server.
5. The local syslogd, in addition to writing log messages to the local /var/adm/syslog/
syslog.log, is configured to additionally forward all messages to the local instance of
syslog-ng. syslog-ng in turn, forwards these messages to the log consolidator. The
administrator can choose to use UDP, TCP, or TCP with ssh when forwarding messages.
Figure 3-2 illustrates the configuration on the log consolidation server.
44 Consolidated Logging