Distributed Systems Administration Utilities User's Guide

For the log line:

log { source(s_syslog_type); filter (f_node1_text1);destination(d_node1_text1); flags(final);};

where text1 is the text logfile name, node1 is the relocatable IP address (for a Serviceguard

cluster) or hostname (for a non-Serviceguard cluster) that is forwarding this text log, fs is the

filesystem on the log consolidator where the consolidated logs will be stored, type is the

“s_source” definition, either _tcp or _udp, depending on the log transport selected, and

textdir is the name of the directory where you plan to store all text logs.

2. If the log consolidator is a Serviceguard cluster, make sure to copy the edited /etc/

syslog-ng.conf.server file cluster-wide with the following command:

# ccp /etc/syslog-ng.conf.server /etc/

3. sighup syslog-ng on the log consolidator so that it rereads its configuration file. (sighup

is a UNIX method for restarting a process.) On a Serviceguard log consolidator, sighup

syslog-ng only on the adoptive node of the clog package.

3.3.2.3.3.3 Stopping Consolidation of Text Logs

To stop consolidation of text logs, complete the following tasks for each system where you plan

to stop log consolidation:

1. Edit the system’s /etc/rc.config.d/syslog-ng file. For each ASCII log file you plan

to stop consolidating, do the following:

• Remove the CLOG_TEXT_LOG[] and the corresponding CLOG_TEXT_FORMAT[]

entry for that text log, if present.

For example, to stop consolidation of the text log myapp.log, remove the following

entries from the /etc/rc.config.d/syslog-ng file:

CLOG_TEXT_LOG[4]=/var/opt/myapp.log

CLOG_TEXT_FORMAT[4]="syslog"

2. After making the required edits, restart syslog-ng using the command:

/sbin/init.d.syslog-ng restart so that the changes to the /etc/rc/config.d/

syslog-ng file take effect.

If the system is a Serviceguard cluster, copy the edited /etc/rc.config.d/syslog-ng

file cluster-wide with the following command:

# ccp /etc/syslog-ng.conf.server /etc/

Restart syslog-ng on all cluster nodes.

3. For each text log that is deleted from a client that is forwarding its text logs, delete the

corresponding destination, filter and log lines from the /etc/syslog-ng.conf.server

file of the log consolidator. syslog-ng on the log consolidator must be sighup’d so that it

rereads this configuration file.

On a Serviceguard log consolidator, the updated /etc/syslog-ng.conf.server file

must be distributed cluster-wide. However, the sighup of syslog-ng needs to be done

only on the adoptive node of the clog package.

3.3.2.4 Consolidating Package Logs on the Log Consolidation Server

When remote Serviceguard clusters forward package log data to a log consolidation server, the

default is to place all forwarded log messages in the consolidated syslog.log file on the

consolidation server. It can be much more convenient to place these messages in cluster-specific

consolidated package log files instead of in the consolidated syslog.log file. This can be

achieved using syslog-ng’s filtering rules as follows:

74 Consolidated Logging