Distributed Systems Administration Utilities User's Guide
allowing the administrator to choose which security features to enable or disable from
hardening/lockdown checklists.
Bastille can be used to harden a log consolidation server by enabling security tools such as IP
filtering. If IP filtering is enabled, the ports described in “clog Network Port Usage” (page 79)
must not be blocked.
Additionally, Bastille asks the following questions that impact a log consolidation system:
Do you want to BLOCK incoming Secure Shell connections with IPFilter?
When configuring a log consolidation server, answer No to the question if you plan to support
clients using the tcp transport and ssh tunneled connections to the server.
Would you like to restrict the system logging daemon to local connections?
Answering yes to this question adds the -N option to /etc/syslog.conf. When configuring
a log consolidation server, this option is required. The clog_wizard adds it automatically; the
manual configuration instructions also explain the appropriate edits to /etc/syslog.conf.
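One way to check an IPFilter ruleset against the flows a log consolidation server must accept, as an added example (not code from this guide or from Bastille). It assumes a small subset of IPFilter rule syntax, a pass default when no rule matches, and ssh on TCP port 22; the function names, sample rules, and client addresses are constructed for illustration, and the clog ports from "clog Network Port Usage" would be added to the flow list by the administrator.

```python
import ipaddress
import re
# Subset of IPFilter syntax understood here; other inbound rules come back as "unparsed".
RULE = re.compile(
    r"^(?P<action>pass|block)\s+in\s+(?:log\s+)?(?P<quick>quick\s+)?(?:on\s+\S+\s+)?"
    r"(?:proto\s+(?P<proto>\S+)\s+)?"
    r"(?:all|from\s+(?P<src>any|[\d.]+(?:/\d+)?)\s+to\s+any"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)"
    r"(?:\s+flags\s+\S+)?(?:\s+keep\s+state)?$")

def verdict(rules_text, proto, src_ip, dport):
    """Evaluate one inbound packet: last matching rule wins, 'quick' stops early."""
    action, decider, unparsed = "pass", None, []  # assumption: no-match default is pass
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or re.match(r"\S+\s+out\b", line):
            continue  # blank line, comment, or outbound rule
        m = RULE.match(line)
        if m is None:
            unparsed.append(line)  # not guessed at; needs manual review
            continue
        if m["proto"] and proto not in m["proto"].split("/"):
            continue
        if m["src"] not in (None, "any") and ipaddress.ip_address(src_ip) \
                not in ipaddress.ip_network(m["src"], strict=False):
            continue
        if m["port"] and int(m["port"]) != dport:
            continue
        action, decider = m["action"], line
        if m["quick"]:
            break
    return action, decider, unparsed

def blocked_flows(rules_text, flows):
    """Return {label: deciding rule} for every required flow the ruleset blocks."""
    checked = ((label, verdict(rules_text, p, s, d)) for label, p, s, d in flows)
    return {label: v[1] for label, v in checked if v[0] == "block"}

# Constructed sample ruleset and client addresses (documentation address ranges).
SAMPLE_RULES = """\
pass in quick proto tcp from 192.0.2.0/24 to any port = 22 flags S keep state
block in proto tcp from any to any port = 22
pass in proto tcp from any to any port = 2301
block in log quick proto tcp from 198.51.100.0/24 to any
"""
SAMPLE_FLOWS = [("ssh tunnel, client A", "tcp", "192.0.2.10", 22),
                ("ssh tunnel, client B", "tcp", "203.0.113.7", 22),
                ("SMH log viewer", "tcp", "203.0.113.7", 2301)]
```

Any rule returned in the unparsed list can change the outcome, so a clean result is only meaningful when that list is empty or has been reviewed by hand.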
3.6 Viewing System and Consolidated Logs
Use the System Management Homepage’s System and Consolidated Log Viewer to filter and
view a system’s local syslog log files. For a system that is also a log consolidator, the System
and Consolidated Log Viewer also filters and displays the consolidated logs.
3.6.1 Starting System Management Homepage
To log in to the System Management Homepage, navigate to:
http://hostname:2301
Enter a username and password. Root logins are enabled by default. For additional information
on starting and logging into the System Management Homepage, refer to the HP System
Management Homepage User Guide.
After logging in to System Management Homepage, choose the Logs tab and then System and
Consolidated Log Viewer.
3.6.2 Using the System and Consolidated Log Viewer
The System and Consolidated Log Viewer will display the syslog-related logs for the system.
By default, this includes the local logs for the system from /var/adm/syslog. If this system is
also a log consolidator, the consolidated logs will also be listed.
NOTE: In a Serviceguard cluster configured as a log consolidation server, the consolidated logs
are placed on the filesystem associated with the “clog” package. See “Cluster Configuration
Notes for clog” (page 52) for additional details. When using LVM and VxVM storage failover
configurations, this means that the consolidated logs are only accessible to a single cluster member
at a time. When using the http://hostname:2301 technique for starting SMH in a cluster,
the administrator needs to know which cluster member is currently hosting the package, and
should use that hostname in the URL.
Fortunately, there is a simpler solution: System Management Homepage supports virtual IP
addresses such as those used by Serviceguard packages. This allows the administrator to use the
package’s virtual IP address or DNS name in the auto-start URL
(http://virtual_IP_address:2301) to launch the viewer on the system hosting the consolidated
logs. For additional information, refer to the HP System Management Homepage User Guide.
Choose a log to view from the main Select tab. Use the Filter tab to specify filter expressions to
search for specific entries, and then choose the Display tab to display the contents of the log. For