Distributed Systems Administration Utilities User's Guide, Linux, March 2009

ManualsBrandsHP ManualsSoftwareHP Linux Caliper Software Electronic LTU

Manual configuration is required for the following cases:

• When a cluster is a log forwarding client and forwarding package logs, manual configuration

is required on the consolidation server (standalone or cluster) to filter the package logs

appropriately.

• When configuring a Serviceguard Cluster as a log consolidator and you require:

— Special customization of the clog package

— Use of VxVM instead of LVM

— Use of the Cluster File System (CFS)

It is often simplest to run the wizard and let it complete the basic configuration and then

customize, starting from that point.

The following sections describe the steps required to configure log consolidation systems

manually. The systems you can configure manually are:

• Standalone log consolidation server

• Serviceguard cluster log consolidation server

3.3.2.1 Manually Configuring a Standalone Log Consolidation Server

Start with the same syslog-ng.conf templates used by the clog_wizard. Copy /opt/dsau/

share/clog/templates/syslog-ng.conf.server.template to /etc/

syslog-ng.conf.server on Red Hat or /etc/syslog-ng/syslog-ng.conf.server on

SLES. This file has tokens named <%token-name%> that are replaced by the wizard based on

the administrator’s answers to the wizard’s questions.

Replace the tokens as follows:

• Delete the<%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.

• Replace the <%TYPE%> tokens with either udp or tcp depending on the desired log transport

to support. There are multiple lines with the <%TYPE%> token and all must be edited

appropriately.

• For the “source s_syslog_<%TYPE%>” line, replace the <%PORT%> and<%KEEP_ALIVE%>

tokens with appropriate values, as follows:

source s_syslog_<%TYPE%> { <%TYPE%>(port(<%PORT%>) <%KEEP_ALIVE%>); };

For TCP, the port needs to be an available TCP port. See section “Configuring a Log

Consolidation Standalone Server with clog_wizard” (page 50) for a discussion of selecting

an available port. For UDP, use port 514.

<%KEEP_ALIVE%> applies only when selecting TCP as the log transport. Replace this token

with “keep-alive(yes) ” which instructs syslog-ng to keep connections open when

it is rereading its configuration file. If using UDP, delete this token.

• For the “destination d_syslog_<%TYPE%>” line, replace the <%IP%> and<%PORT%>

tokens:

destination d_syslog_<%TYPE%> { <%TYPE%>(“<%IP%>” port(<%PORT%>)); };

For example, for TCP:

destination d_syslog_tcp { tcp(“local_hostname” port(1776)); };

where the <%IP%> is replaced by the server’s IP address or local hostname and the <%PORT%>

is replaced by the selected TCP port number.

For UDP:

destination d_syslog_udp { udp(“local_hostname” port(514)); }

where <%IP%> is replaced by the server’s IP address or local hostname and the <%PORT%>

token is replaced by 514, the standard syslog UDP port.

• Replace the<%FS%> token with the filesystem or directory where the consolidated logs will

be kept. For example,

60 Consolidated Logging