Distributed Systems Administration Utilities User's Guide

3.3.1.6 Configuring a Log Forwarding Client Using clog_wizard
There are two ways to configure a log forwarding client: as a standalone machine or as a
Serviceguard cluster. When configuring a cluster as a log forwarding client, all the members of
the cluster will be configured identically as clients. The wizard asks the same questions and
performs the same configuration actions for single systems and for clusters. The examples below
show use of clog_wizard on a Serviceguard cluster. After starting clog_wizard, answer
“yes” to the following question:
Do you want to configure log consolidation? (y/n) [y]:
or press Enter. The next question is:
You can configure this cluster cluster_member as either a:
- Consolidation server
- Client that forwards logs to a remote consolidation server
Do you want to configure cluster_member as a Consolidation Server? (y/n) [y]: n
Answer “No” here. At this point you are configuring a log forwarding client. The wizard displays
the following:
You now need to specify which system will be the
consolidator. If the consolidator is a Serviceguard
cluster, specify the IP address of the "clog"
Serviceguard package for this question. The "clog"
package makes log consolidation highly
available on the consolidator.
The consolidation server must already be configured.
Enter the hostname or IP address of the consolidator
[]: clog.usa.xyz.com
After entering the hostname or IP address of the log consolidation server, the wizard asks if you
want to use the TCP transport when forwarding log messages:
You can choose to forward logs to the consolidator using either
the UDP protocol or the TCP protocol (recommended).
Do you want to use the TCP protocol? (y/n) [y]:
Standard syslogd forwards messages using the UDP protocol. UDP is a high-performance,
broadcast-oriented protocol with no flow control or message delivery verification. syslog-ng
supports syslogd's UDP protocol and a TCP protocol. The TCP transport offers both flow
control and message delivery checks. However, since TCP is a connection-oriented protocol, it
requires additional resources on the log consolidation server. The consolidation server's
max-connections attribute must be set according to the maximum number of expected clients.
Refer to the section “Configuring a Log Consolidation Standalone Server with clog_wizard”
(page 46) for a discussion of the max-connections setting.
If you answer “yes” to using TCP, the next question asks for the TCP port to forward messages
to:
Ask the administrator of the consolidation server which TCP
port was configured for receiving logs.
Enter the TCP port configured on the CONSOLIDATOR for
receiving logs []: 1776
You must use the TCP port selected by the system administrator of the log consolidation server.
If the clog_wizard was used to configure the server, the port number is saved in
/etc/rc.config.d/syslog-ng as the variable CLOG_TCP_PORT. In this example, TCP port
1776 was used. If you answer “yes” to the TCP question, the following question is displayed:
The TCP protocol can be used together with Secure
Shell port forwarding to enhance security. Each member
of this cluster must already have non interactive Secure
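
The port check described above (reading CLOG_TCP_PORT from the server's
/etc/rc.config.d/syslog-ng before answering the wizard's TCP port question), as an added
example that is not part of the original guide or of DSAU. The function names are
hypothetical, and the file is assumed to use plain VAR=value lines.

```shell
#!/bin/sh
# Added example, not DSAU code. Function names are hypothetical.

# Print the value of CLOG_TCP_PORT from an rc.config.d-style file.
# The file is parsed as text, not sourced, so nothing in it is executed.
clog_port_from_rc() {
    rc_file=$1
    [ -r "$rc_file" ] || return 2
    # Last uncommented assignment wins; drop trailing comments and quotes.
    port=$(sed -n 's/^[[:space:]]*CLOG_TCP_PORT=//p' "$rc_file" | tail -n 1 |
           sed -e 's/[[:space:]]*#.*$//' -e 's/^["'\'']//' -e 's/["'\'']$//')
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# Succeed only if the argument is a decimal TCP port in 1..65535.
valid_tcp_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Compare the port the client will be given with the server's saved value.
# Returns 0 on match, 1 on mismatch, 2 if the saved value is missing or invalid.
check_client_port() {
    rc_file=$1
    client_port=$2
    server_port=$(clog_port_from_rc "$rc_file") || return 2
    valid_tcp_port "$server_port" || return 2
    [ "$client_port" = "$server_port" ]
}

# Constructed sample standing in for a copy of the server's
# /etc/rc.config.d/syslog-ng; 1776 is the port used in the guide's example.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'CLOG_TCP_PORT=1776' > "$sample"
if check_client_port "$sample" 1776; then
    echo "client port matches the server's CLOG_TCP_PORT"
fi
rm -f "$sample"
```

A return code of 2 means the server-side value should be corrected before any client is
pointed at it.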