Distributed Systems Administration Utilities User's Guide, Linux, March 2009

ManualsBrandsHP ManualsSoftwareHP Linux Caliper Software Electronic LTU

destination d_syslog { file(“<%FS%>/syslog/syslog.log”); };

becomes:

destination d_syslog { file(“/clog/syslog/syslog.log”); };

Make sure that this directory exists or the appropriate filesystem is mounted. Since

consolidated logs can grow quite large, HP recommends that this filesystem use the largefiles

option and that there is sufficient room for growth.

• When using TCP, record the port number you choose above in the /etc/services file.

For example, add the line:

clog_tcp 1776/tcp # Consolidated logging with syslog-ng

• Create the following symbolic link:

ln -sf /etc/syslog-ng.conf.server /etc/syslog-ng.conf

on Red Hat

ln -sf /etc/syslog-ng/syslog-ng.conf.server /etc/syslog-ng/syslog-ng.conf

on SLES

• The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on several

configuration variables. Edit /etc/sysconfig/syslog-ng as follows:

— Change the CLOG_CONFIGURED line to:

CLOG_CONFIGURED=1

— Add the following lines:

CLOG_CONSOLIDATOR=1

CLOG_FS=<directory where the consolidated logs will be stored>

If using the TCP protocol, add:

CLOG_TCP=1

CLOG_TCP_PORT=<tcp port chosen for log consolidation>

otherwise, if using the UDP protocol, add:

CLOG_TCP=0

If consolidating the local syslogs, add:

CLOG_SYSLOG=1

otherwise add:

CLOG_SYSLOG=0

For a standalone consolidator, add the following:

CLOG_SYSTEM_LOG_CONSOLIDATION_DIR=<consolidated log directory/syslog>

CLOG_SERVICEGUARD_PACKAGE_LOG_CONSOLIDATION_DIR=<consolidated log directory/packages>

— Add the following two values that are used by the System File Viewer:

CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts

CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log

• Test the configuration by performing the following steps:

1. Run /sbin/syslog-ng with the -s or --syntax-only option to verify the syntax

of the /etc/syslog-ng.conf file on Red Hat or /etc/syslog-ng/

syslog-ng.conf on SLES. This should be a symbolic link to /etc/

syslog-ng.conf.server on Red Hat or /etc/syslog-ng/

syslog-ng.conf.server on SLES as described previously.

2. Start syslog-ng using /etc/init.d/syslog-ng start.

3. If consolidating the local syslogs, use logger <test message> and make sure this

message is in the consolidated syslog.log. If you are not consolidating the local logs,

use the logger command from a log forwarding client. Note that the logger messages

are first sent to the local syslog which forwards them to syslog-ng. syslogd by

3.3 Log Consolidation Configuration 61