Distributed Systems Administration Utilities User's Guide

a. When using the TCP protocol and configuring the consolidation server to consolidate
its own syslogs, replace the <%UDP_LOOPBACK_SOURCE%> token with:
source s_syslog_udp { udp(port(514)); };
Replace the <%UDP_LOOPBACK_LOG%> token with:
log { source(s_syslog_udp); destination(d_syslog_tcp); };
This causes the syslog-ng consolidator to read the local syslogd's UDP messages
and send them to syslog-ng on the local TCP port. Optionally, the destination could
be set to the local consolidation file directly (destination(d_syslog) in this
default template), but the configuration above sets up the consolidation server's
client components in the same manner as a remote client. In other words, when the
consolidator is a client of itself, it is configured identically to remote clients.
If using the UDP protocol or not consolidating the local syslogs of this cluster, delete
the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.
b. Replace the <%TYPE%> tokens with either udp or tcp, depending on the log
transport to be supported. Note that even when using TCP clients, UDP clients are also
supported if the consolidation of the cluster's local syslogs is configured. There are
multiple lines with the <%TYPE%> token, and all must be edited appropriately.
c. For the “source s_syslog_<%TYPE%>” line, replace the <%PORT%> and
<%KEEP_ALIVE%> tokens with appropriate values:
source s_syslog_<%TYPE%> {<%TYPE%>(port(<%PORT%>)<%KEEP_ALIVE%>); };
For TCP, the port needs to be an available TCP port on all cluster members. See the
section “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 46)
for a discussion of selecting an available port. For UDP, use port 514.
<%KEEP_ALIVE%> applies only when selecting TCP as the log transport. Replace this
token with “keep-alive(yes)” which instructs syslog-ng to keep connections
open when it is rereading its configuration file. If using UDP, delete this token.
d. For the destination d_syslog_<%TYPE%> line, replace the <%IP%> and <%PORT%>
tokens:
destination d_syslog_<%TYPE%> { <%TYPE%>(<%IP%> port(<%PORT%>)); };
For example, for TCP:
destination d_syslog_tcp { tcp(package IP port(1776)); };
where the <%IP%> is replaced by the clog package IP address or hostname and the
<%PORT%> is replaced by the selected TCP port number.
For UDP:
destination d_syslog_udp { udp(package IP port(514)); };
where <%IP%> is replaced by the clog package IP address or hostname and the
<%PORT%> token is replaced by 514, the standard syslog UDP port.
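
The substitutions in steps a through d, scripted as an added example (not part of this guide or of clog_wizard). render_clog and no_tokens_left are hypothetical helper names, the template holds only the token-bearing lines quoted above, and 192.0.2.10 is a constructed stand-in for the clog package IP.

```shell
#!/bin/sh
# Added example. TEMPLATE is constructed from the four token-bearing lines
# quoted in this section; it is not the full template shipped with DSAU.
TEMPLATE='<%UDP_LOOPBACK_SOURCE%>
<%UDP_LOOPBACK_LOG%>
source s_syslog_<%TYPE%> {<%TYPE%>(port(<%PORT%>)<%KEEP_ALIVE%>); };
destination d_syslog_<%TYPE%> { <%TYPE%>(<%IP%> port(<%PORT%>)); };'

# render_clog PROTO IP PORT LOOPBACK   (hypothetical helper; LOOPBACK is yes|no)
render_clog() {
    proto=$1; ip=$2; port=$3; loopback=$4
    case $proto in
        # Step c: keep-alive is TCP only; the leading space separates it from port().
        tcp) keep=' keep-alive(yes)' ;;
        # Steps a and c: UDP uses port 514 and drops both loopback tokens.
        udp) keep=''; port=514; loopback=no ;;
        *)   echo "transport must be tcp or udp" >&2; return 2 ;;
    esac
    # Refuse values that could smuggle extra syslog-ng statements into the file.
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    case $ip in ''|*[!A-Za-z0-9.:-]*) echo "bad address" >&2; return 2 ;; esac
    if [ "$loopback" = yes ]; then               # step a
        lsrc='source s_syslog_udp { udp(port(514)); };'
        llog='log { source(s_syslog_udp); destination(d_syslog_tcp); };'
    else
        lsrc=''; llog=''
    fi
    printf '%s\n' "$TEMPLATE" | sed \
        -e "s|<%UDP_LOOPBACK_SOURCE%>|$lsrc|" \
        -e "s|<%UDP_LOOPBACK_LOG%>|$llog|" \
        -e "s|<%KEEP_ALIVE%>|$keep|g" \
        -e "s|<%TYPE%>|$proto|g" \
        -e "s|<%PORT%>|$port|g" \
        -e "s|<%IP%>|$ip|g" \
        -e '/^$/d'
}

# Succeeds only if stdin contains no unreplaced <%TOKEN%>.
no_tokens_left() {
    if grep -q '<%[A-Z_]*%>'; then return 1; fi
    return 0
}

# TCP with local-syslog consolidation; 192.0.2.10 is a constructed package IP.
render_clog tcp 192.0.2.10 1776 yes
```

Piping the rendered text through no_tokens_left before installing it catches a <%TYPE%> or <%PORT%> occurrence that was missed on one of the several lines that carry it.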