Distributed Systems Administration Utilities User's Guide
where log-consolidation-server is the fully qualified domain name of the consolidation
server. The name must be fully qualified or syslogd will not forward the messages properly.
NOTE: There must be a <tab> before each @ sign.
If you have customized syslog.conf, make sure to add the forwarding lines for your
customizations as well.
syslogd must be stopped and restarted for these changes to take effect, using the following
commands:
# /sbin/init.d/syslogd stop
# /sbin/init.d/syslogd start
With syslogd appropriately configured, now configure syslog-ng.
Start with the same syslog-ng.conf templates used by the clog_wizard. Copy
/opt/dsau/share/clog/templates/syslog-ng.conf.server.template to
/etc/syslog-ng.conf.server. This file has tokens named <%token-name%> that are replaced
by the wizard based on the administrator’s answers to the wizard’s questions.
Replace the tokens as follows:
• When using the TCP protocol and configuring the consolidation server to consolidate its
own syslogs, replace the <%UDP_LOOPBACK_SOURCE%> token with:
source s_syslog_udp { udp(port(514)); };
Replace the <%UDP_LOOPBACK_LOG%> token with:
log { source(s_syslog_udp); destination(d_syslog_tcp); };
This causes the syslog-ng consolidator to read the local syslogd’s UDP messages and
send them to syslog-ng on the local TCP port. Optionally, the destination could be set to
be the local consolidation file directly (destination(d_syslog) in this default template),
but sending to the local TCP port configures the consolidation server’s client components
in the same manner as a remote client. In other words, when the consolidator is a client
of itself, it’s configured identically to remote clients.
If using the UDP protocol or not consolidating the local syslogs of this server, delete
the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.
• Replace the <%TYPE%> tokens with either udp or tcp depending on the desired log transport
to support. Note that even when using TCP clients, UDP clients are also supported if the
consolidation of the server’s local syslogs is configured. There are multiple lines with the
<%TYPE%> token and all must be edited appropriately.
• For the “source s_syslog_<%TYPE%>” line, replace the <%PORT%> and <%KEEP_ALIVE%>
tokens with appropriate values, as follows:
source s_syslog_<%TYPE%> { <%TYPE%>(port(<%PORT%>) <%KEEP_ALIVE%>); };
For TCP, the port needs to be an available TCP port. See section “Configuring a Log
Consolidation Standalone Server with clog_wizard” (page 46) for a discussion of selecting
an available port. For UDP, use port 514.
<%KEEP_ALIVE%> applies only when selecting TCP as the log transport. Replace this token
with “keep-alive(yes)”, which instructs syslog-ng to keep connections open when
it is rereading its configuration file. If using UDP, delete this token.
• For the “destination d_syslog_<%TYPE%>” line, replace the <%IP%> and <%PORT%>
tokens:
destination d_syslog_<%TYPE%> { <%TYPE%>("<%IP%>" port(<%PORT%>)); };
For example, for TCP:
destination d_syslog_tcp { tcp("local_hostname" port(1776)); };
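The token replacements above, scripted as an added example (not part of this guide or of clog_wizard): the template fragment is constructed from the lines quoted in this section, and the function names sample_template, render_conf and unreplaced_tokens are hypothetical. It rejects values that would inject extra syslog-ng statements and counts any tokens left unreplaced.

```shell
#!/bin/sh
# Constructed template fragment built from the lines quoted in this section;
# the real syslog-ng.conf.server.template contains more than this.
sample_template() {
cat <<'EOF'
<%UDP_LOOPBACK_SOURCE%>
<%UDP_LOOPBACK_LOG%>
source s_syslog_<%TYPE%> { <%TYPE%>(port(<%PORT%>) <%KEEP_ALIVE%>); };
destination d_syslog_<%TYPE%> { <%TYPE%>("<%IP%>" port(<%PORT%>)); };
EOF
}

# render_conf TYPE PORT IP LOOPBACK   (template on stdin, config on stdout)
render_conf() {
    proto=$1 port=$2 ip=$3 loopback=$4
    # Validate first: a value such as '1776); };' would otherwise be written
    # into the configuration as extra statements.
    case $proto in udp|tcp) ;; *) echo "TYPE must be udp or tcp" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "PORT must be numeric" >&2; return 2 ;; esac
    case $ip in ''|*[!A-Za-z0-9._-]*) echo "bad IP or hostname" >&2; return 2 ;; esac
    if [ "$proto" = tcp ] && [ "$loopback" = yes ]; then
        # TCP server that also consolidates its own syslogs
        lb_src='s|<%UDP_LOOPBACK_SOURCE%>|source s_syslog_udp { udp(port(514)); };|'
        lb_log='s|<%UDP_LOOPBACK_LOG%>|log { source(s_syslog_udp); destination(d_syslog_tcp); };|'
    else
        # UDP, or no local consolidation: delete both loopback tokens
        lb_src='/<%UDP_LOOPBACK_SOURCE%>/d'
        lb_log='/<%UDP_LOOPBACK_LOG%>/d'
    fi
    if [ "$proto" = tcp ]; then
        ka='s|<%KEEP_ALIVE%>|keep-alive(yes)|'
    else
        ka='s| *<%KEEP_ALIVE%>||'   # UDP: delete the token and its leading space
    fi
    sed -e "$lb_src" -e "$lb_log" -e "$ka" \
        -e "s|<%TYPE%>|$proto|g" -e "s|<%PORT%>|$port|g" -e "s|<%IP%>|$ip|g"
}

# Number of stdin lines still holding a <%token%>; non-zero means a missed edit.
unreplaced_tokens() { grep -c '<%[A-Z_]*%>' || true; }

# Render the TCP case used in the example above.
sample_template | render_conf tcp 1776 local_hostname yes
```

Run unreplaced_tokens against the finished /etc/syslog-ng.conf.server before restarting syslog-ng; the <%TYPE%> token in particular appears on multiple lines.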
3.3 Log Consolidation Configuration 57