Distributed Systems Administration Utilities User's Guide, Linux, March 2009

stanzas added in this section direct syslog-ng to filter package log messages into the
appropriate consolidated package logs.
The clog_tail log monitor adds or deletes the package log file from its list of files to
monitor.
3.3.1.5 Minimizing Message Loss During Failover
When there is a failure on the adoptive node, it takes a finite amount of time for the clog package
to fail over to another cluster member. The longer this failover time, the more likely that messages
could be lost from the consolidated log. Use the following guidelines to minimize message loss
during failover.
- Configure clients to use the TCP transport instead of the UDP transport. UDP messages will
  be lost unconditionally when the package is down. The TCP protocol contains retry
  mechanisms, congestion control, and so on, that help minimize message loss.
- syslog-ng can buffer TCP messages on the client side. The number of messages buffered
  is controlled by the syslog-ng log_fifo_size setting. This sets an upper limit on the
  number of messages that can be buffered. The default /etc/syslog-ng.conf file on Red
  Hat or /etc/syslog-ng/syslog-ng.conf on SLES sets log_fifo_size to 10000.
- syslog-ng has a time_reopen() option to configure the time to wait before a dead
  connection is reestablished. The /etc/syslog-ng.conf file on Red Hat or
  /etc/syslog-ng/syslog-ng.conf on SLES has time_reopen() set to 10 seconds.
- Serviceguard offers various configuration options to improve failover times such as
  HEARTBEAT_INTERVAL and NODE_TIMEOUT. Serviceguard Extension for Faster Failover
  (SGeFF) is also available to optimize failover times for two-node clusters. Since syslog-ng
  itself starts quickly, SGeFF is an ideal candidate for improving failover times and minimizing
  message loss.
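One way to audit a client configuration against these guidelines, added here as an example and not part of the original guide: it flags destinations that still forward over UDP and estimates how long a consolidator outage the log_fifo_size buffer can absorb. The sample config, the destination names, the port numbers and the 200 msgs/sec rate are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a syslog-ng client config against the failover guidelines.
# The sample config is constructed; destination names and ports are assumptions.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
options { log_fifo_size(10000); time_reopen(10); };
source s_local { unix-stream("/dev/log"); internal(); };
# destination d_old { udp("clog.usa.xyz.com" port(514)); };
destination d_clog_udp { udp("clog.usa.xyz.com" port(514)); };
destination d_clog_tcp { tcp("clog.usa.xyz.com" port(1776)); };
log { source(s_local); destination(d_clog_udp); };
EOF

# Drop comments so commented-out stanzas are not reported.
strip_comments() { sed 's/#.*$//' "$1"; }

# Print the numeric value of an option, e.g. log_fifo_size(10000) -> 10000.
conf_option() {
    strip_comments "$1" | sed -n "s/.*$2(\([0-9][0-9]*\)).*/\1/p" | head -n 1
}

# Print the names of destinations defined with the given driver (udp or tcp).
# Assumes each destination stanza is written on a single line.
destinations_using() {
    strip_comments "$1" | sed -n \
        "s/^[[:space:]]*destination[[:space:]][[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*{.*$2(.*/\1/p"
}

# Print only those destinations that a log path actually references.
active_destinations() {
    for d in $(destinations_using "$1" "$2"); do
        if strip_comments "$1" | grep -q "destination($d)"; then echo "$d"; fi
    done
}

# Longest consolidator outage (seconds) the client FIFO absorbs at RATE msgs/sec.
# Simplified worst case: the client reconnects up to time_reopen seconds late.
max_failover_secs() {
    fifo=$(conf_option "$1" log_fifo_size)
    reopen=$(conf_option "$1" time_reopen)
    echo $(( $fifo / $2 - $reopen ))
}

echo "UDP destinations in use: $(active_destinations "$SAMPLE_CONF" udp)"
echo "TCP destinations in use: $(active_destinations "$SAMPLE_CONF" tcp)"
echo "Outage absorbed at 200 msgs/sec: $(max_failover_secs "$SAMPLE_CONF" 200) s"
```

To check a real client, pass /etc/syslog-ng.conf (Red Hat) or /etc/syslog-ng/syslog-ng.conf (SLES) to the functions in place of the sample file.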
3.3.1.6 Configuring a Log Forwarding Client Using clog_wizard
There are two ways to configure a log forwarding client: as a standalone machine or as a
Serviceguard cluster. When configuring a cluster as a log forwarding client, all the members of
the cluster will be configured identically as clients. The wizard asks the same questions and
performs the same configuration actions for single systems and for clusters. The examples below
show use of the clog wizard on a Serviceguard cluster.
After starting clog_wizard, answer “yes” to the following question:
Do you want to configure log consolidation? (y/n) [y]:
or press Enter. The next question is:
You can configure this cluster cluster_member as either a:
- Consolidation server
- Client that forwards logs to a remote consolidation server
Do you want to configure cluster_member as a Consolidation Server? (y/n) [y]: n
Answer “No” here. At this point you are configuring a log forwarding client. The wizard displays
the following:
You now need to specify which system will be the
consolidator. If the consolidator is a Serviceguard
cluster, specify the IP address of the "clog"
Serviceguard package for this question. The "clog"
package makes log consolidation highly
available on the consolidator.
The consolidation server must already be configured.
Enter the hostname or IP address of the consolidator
[]: clog.usa.xyz.com