Distributed Systems Administration Utilities User's Guide, Linux, March 2009

1. To configure syslog-ng, start with the same syslog-ng.conf templates used by the
clog_wizard. On one cluster member, copy
/opt/dsau/share/clog/templates/syslog-ng.conf.server.template
to /etc/syslog-ng.conf.server on Red Hat or
/etc/syslog-ng/syslog-ng.conf.server on SLES. Then copy
/opt/dsau/share/clog/templates/syslog-ng.conf.client.template
to /etc/syslog-ng.conf.client on Red Hat or
/etc/syslog-ng/syslog-ng.conf.client on SLES. Both files have tokens named <%token-name%> that
are replaced by the wizard based on the administrator's answers to the wizard's questions.
Manually replace the tokens in /etc/syslog-ng.conf.server on Red Hat or
/etc/syslog-ng/syslog-ng.conf.server on SLES as follows:
a. Delete the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.
b. Replace the <%TYPE%> tokens with either udp or tcp depending on the desired log
transport to support. There are multiple lines with the <%TYPE%> token and all must
be edited appropriately.
c. For the “source s_syslog_<%TYPE%>” line, replace the <%PORT%> and
<%KEEP_ALIVE%> tokens with appropriate values:
source s_syslog_<%TYPE%> {<%TYPE%>(port(<%PORT%>)<%KEEP_ALIVE%>); };
For TCP, the port needs to be an available TCP port on all cluster members. See the
section “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 50)
for a discussion of selecting an available port. For UDP, use port 514.
<%KEEP_ALIVE%> applies only when selecting TCP as the log transport. Replace this
token with “keep-alive(yes)”, which instructs syslog-ng to keep connections
open when it is rereading its configuration file. If using UDP, delete this token.
d. For the destination d_syslog_<%TYPE%> line, replace the <%IP%> and <%PORT%>
tokens:
destination d_syslog_<%TYPE%> { <%TYPE%>(<%IP%> port(<%PORT%>)); };
For example, for TCP:
destination d_syslog_tcp { tcp(package IP port(1776)); };
where <%IP%> is replaced by the clog package IP address or hostname and the
<%PORT%> token is replaced by the selected TCP port number.
For UDP:
destination d_syslog_udp { udp(package IP port(514)); };
where <%IP%> is replaced by the clog package IP address or hostname and the
<%PORT%> token is replaced by 514, the standard syslog UDP port.
e. Replace the <%FS%> token with the filesystem or directory where the consolidated logs
will be kept. This filesystem/directory is the one managed by the Serviceguard package.
For example:
destination d_syslog { file(<%FS%>/syslog/syslog.log); };
becomes:
destination d_syslog { file(/clog/syslog/syslog.log); };
Make sure that this filesystem mount point exists clusterwide and that the storage fails
over correctly clusterwide. Since consolidated logs can grow quite large, HP recommends
that this filesystem use the largefiles option and that there is sufficient room for growth.
For additional information on creating the Serviceguard storage/filesystem configuration
for a package, refer to the Managing Serviceguard manual.
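The token replacement in steps a through e can be scripted and checked before the file is put into service. The following is an added example, not part of the DSAU product or of the original guide: the template is constructed from the lines quoted above rather than copied from the real template file, the function names are hypothetical, and 192.0.2.10 stands in for the clog package IP address.

```shell
#!/bin/sh
# Added example: fill the tokens from steps a-e in a server template.
# The template below is constructed from the lines quoted in this guide; it is
# not the real syslog-ng.conf.server.template.
sample_template() {
cat <<'EOF'
<%UDP_LOOPBACK_SOURCE%>
source s_syslog_<%TYPE%> {<%TYPE%>(port(<%PORT%>)<%KEEP_ALIVE%>); };
destination d_syslog_<%TYPE%> { <%TYPE%>(<%IP%> port(<%PORT%>)); };
destination d_syslog { file(<%FS%>/syslog/syslog.log); };
<%UDP_LOOPBACK_LOG%>
EOF
}

# render_server_conf TYPE PORT IP FS   (template on stdin, config on stdout)
render_server_conf() {
    proto=$1 port=$2 ip=$3 fs=$4
    case $proto in
        tcp) keep_alive='keep-alive(yes)' ;;   # step c: TCP only
        udp) keep_alive=''; port=514 ;;        # step c: UDP always uses 514
        *)   echo "TYPE must be udp or tcp" >&2; return 2 ;;
    esac
    # Reject values that could break the sed expressions or the config syntax.
    case $port in ''|*[!0-9]*) echo "PORT must be numeric" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "PORT out of range" >&2; return 2; }
    case $ip in ''|*[!A-Za-z0-9.:-]*) echo "bad IP or hostname" >&2; return 2 ;; esac
    case $fs in /*) ;; *) echo "FS must be an absolute path" >&2; return 2 ;; esac
    case $fs in *[!A-Za-z0-9/._-]*) echo "bad character in FS" >&2; return 2 ;; esac
    sed -e 's/<%UDP_LOOPBACK_SOURCE%>//' -e 's/<%UDP_LOOPBACK_LOG%>//' \
        -e "s/<%TYPE%>/$proto/g" \
        -e "s/<%PORT%>/$port/g" \
        -e "s/<%KEEP_ALIVE%>/$keep_alive/g" \
        -e "s/<%IP%>/$ip/g" \
        -e "s|<%FS%>|$fs|g"
}

# Succeeds only if no <%token%> placeholder survives in the text on stdin.
no_tokens_left() { ! grep -q '<%[A-Za-z_-]*%>'; }

# Demo with constructed values: 192.0.2.10 stands in for the clog package IP.
sample_template | render_server_conf tcp 1776 192.0.2.10 /clog
```

Run no_tokens_left against the rendered file before restarting syslog-ng; a leftover token means one of the edits in steps a through e was missed.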
3.3 Log Consolidation Configuration 63