Distributed Systems Administration Utilities User's Guide

1. If you want the local syslog messages for the cluster itself to be part of the consolidated
syslog, complete the following tasks:
a. Start by configuring the standard syslogd to co-exist with a syslog-ng consolidator.
By default, syslogd listens for incoming log messages on UDP port 514. To use the
UDP protocol or consolidate this server's local syslogs, syslog-ng must listen on
UDP port 514. Edit /etc/rc.config.d/syslogd and change SYSLOGD_OPTS to add
the -N switch to prevent syslogd from listening on port 514. For example:
SYSLOGD_OPTS="-D -N"
b. Edit the /etc/syslog.conf file to forward log messages to UDP port 514 on the local
host where they will be read by syslog-ng. Using the HP-UX default /etc/syslog.conf
as the example, add the following lines:
mail.debug @log-consolidation-server
*.info;mail.none @log-consolidation-server
where log-consolidation-server is the fully qualified domain name of the local
cluster member. The name must be fully qualified or syslogd will not forward messages
properly.
If you have customized syslog.conf, make sure to add the forwarding lines for your
customizations as well.
c. Since /etc/rc.config.d/syslogd is generic, it can be distributed cluster-wide
using ccp, as follows:
# ccp /etc/rc.config.d/syslogd /etc/rc.config.d/
d. The /etc/syslog.conf is specific to each member and the edits described previously
must be performed on each cluster member.
e. Once you have made the above changes on each cluster member, syslogd must be
restarted for these changes to take effect. Use cexec to do this on all members of the
cluster:
# cexec "/sbin/init.d/syslogd stop;/sbin/init.d/syslogd start"
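
The settings from steps 1a and 1b can be checked on each member before syslogd is restarted. The following is an added example, not part of the original guide or of DSAU: the function name check_syslogd_forwarding and the host node1.example.com are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit one member's syslogd settings for steps 1a and 1b.
# check_syslogd_forwarding is a hypothetical helper name, not a DSAU command.

# Usage: check_syslogd_forwarding RC_FILE SYSLOG_CONF
# Prints one line per problem and returns the number of problems found.
check_syslogd_forwarding() {
    rc_file=$1 conf_file=$2 problems=0

    # Step 1a: SYSLOGD_OPTS must carry -N so syslogd leaves UDP 514 free.
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTS=//p' "$rc_file" | tail -n 1 | tr -d "\"'")
    case " $opts " in
        *" -N "*) ;;
        *) echo "$rc_file: SYSLOGD_OPTS lacks -N (syslogd still binds UDP 514)"
           problems=$((problems + 1)) ;;
    esac

    # Step 1b: collect the targets of forwarding actions (@host), skipping comments.
    hosts=$(awk '!/^[ \t]*#/ && $NF ~ /^@/ { print substr($NF, 2) }' "$conf_file" | sort -u)
    if [ -z "$hosts" ]; then
        echo "$conf_file: no @host forwarding lines found"
        problems=$((problems + 1))
    fi
    for host in $hosts; do
        # The guide requires a fully qualified name; a name without a dot is treated as short.
        case $host in
            *.*) ;;
            *) echo "$conf_file: forwarding target '$host' is not fully qualified"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample input (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'SYSLOGD_OPTS="-D -N"\n' > "$demo_dir/rc.good"
printf 'SYSLOGD_OPTS="-D"\n' > "$demo_dir/rc.bad"
printf 'mail.debug\t@node1.example.com\n*.info;mail.none\t@node1.example.com\n' > "$demo_dir/conf.good"
printf '# mail.debug @node1.example.com\n*.info;mail.none\t@node1\n' > "$demo_dir/conf.bad"

check_syslogd_forwarding "$demo_dir/rc.good" "$demo_dir/conf.good" && echo "good pair: OK"
check_syslogd_forwarding "$demo_dir/rc.bad" "$demo_dir/conf.bad" || echo "bad pair: $? problem(s)"
rm -rf "$demo_dir"
```
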
2. To configure syslog-ng, start with the same syslog-ng.conf templates used by the
clog_wizard. On one cluster member, copy
/opt/dsau/share/clog/templates/syslog-ng.conf.server.template
to /etc/syslog-ng.conf.server. Then copy
/opt/dsau/share/clog/templates/syslog-ng.conf.client.template
to /etc/syslog-ng.conf.client. Both files have tokens named <%token-name%>
that are replaced by the wizard based on the administrator’s answers to the wizard’s
questions.
Manually replace the tokens in /etc/syslog-ng.conf.server as follows: