Distributed Systems Administration Utilities User's Guide, Linux, March 2009

2. Manually replace the tokens in /etc/syslog-ng.conf.client on Red Hat or
/etc/syslog-ng/syslog-ng.conf.client on SLES as follows:
a. Delete the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.
b. Replace all the <%TYPE%> tokens with either tcp or udp depending on the desired log
transport.
c. Find the line:
destination d_syslog_<%TYPE%> { <%TYPE%>(<%IP%> port(<%PORT%>)); };
Replace <%IP%> with the IP address of the clog package. For TCP, replace <%PORT%>
with the TCP port used for log forwarding (selected above). For UDP, replace <%PORT%>
with 514, the standard UDP port.
3. The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on several
configuration variables. Edit /etc/sysconfig/syslog-ng as follows:
a. Change the CLOG_CONFIGURED line to:
CLOG_CONFIGURED=1
b. Add the following lines:
CLOG_CONSOLIDATOR=1
If using the TCP protocol, add:
CLOG_TCP=1
CLOG_TCP_PORT=<tcp port chosen for log consolidation>
otherwise, if using the UDP protocol, add:
CLOG_TCP=0
If consolidating the local syslogs, add:
CLOG_SYSLOG=1
otherwise, add:
CLOG_SYSLOG=0
If consolidating package logs of this cluster, add:
CLOG_PACKAGE=1
otherwise, add:
CLOG_PACKAGE=0
c. Add the following two values which are used by the System Log Viewer:
CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log
4. All the files edited thus far need to be distributed clusterwide.
On Red Hat:
# ccp /etc/syslog-ng.conf.server /etc/
# ccp /etc/syslog-ng.conf.client /etc/
# ccp /etc/sysconfig/syslog-ng /etc/sysconfig/
On SLES:
# ccp /etc/syslog-ng/syslog-ng.conf.server /etc/
# ccp /etc/syslog-ng/syslog-ng.conf.client /etc/
# ccp /etc/sysconfig/syslog-ng /etc/sysconfig/
5. When using TCP, record the port number you chose above in the /etc/services file. For
example, add the line:
clog_tcp 1776/tcp # Consolidated logging with syslog-ng
Add this line to /etc/services for each member of the cluster.
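A consistency check for steps 2, 3 and 5, added here as an example (it is not part of this guide or of the DSAU tools): a mismatch between the three files makes a member stop forwarding its logs without any obvious error. The function name check_clog_client is hypothetical, and only the settings named in the steps above are read.

```shell
#!/bin/sh
# Usage: script SYSCONFIG CLIENT_CONF SERVICES
#   e.g. /etc/sysconfig/syslog-ng /etc/syslog-ng.conf.client /etc/services
# Prints one FAIL line per problem; returns 0 only when none is found.
check_clog_client() {
    sysconfig=$1 conf=$2 services=$3 rc=0
    # Read KEY=VALUE without sourcing the file; drop quotes and trailing comments.
    getvar() {
        sed -n "s/^[[:space:]]*$1=\([^#[:space:]]*\).*/\1/p" "$sysconfig" |
            tail -n 1 | tr -d '"'
    }
    fail() { echo "FAIL: $*"; rc=1; }

    # Step 2: no template token may survive in the client configuration.
    if grep -q '<%[A-Z_]*%>' "$conf"; then
        fail "unreplaced <%...%> token in $conf"
    fi

    # Step 3a: the startup script only acts when this is set.
    [ "$(getvar CLOG_CONFIGURED)" = 1 ] || fail "CLOG_CONFIGURED is not 1"

    case "$(getvar CLOG_TCP)" in
    1)  port=$(getvar CLOG_TCP_PORT)
        case $port in
        ''|*[!0-9]*) fail "CLOG_TCP=1 but CLOG_TCP_PORT is missing or not numeric" ;;
        *)  # Step 5: /etc/services must record the same port.
            svc=$(awk '$1 == "clog_tcp" { print $2 }' "$services")
            [ "$svc" = "$port/tcp" ] ||
                fail "clog_tcp in $services is '$svc', expected $port/tcp"
            # Step 2c: the destination must use tcp on that port.
            grep -Eq "tcp\(.*port\($port\)\)" "$conf" ||
                fail "no tcp destination on port $port in $conf"
        esac ;;
    0)  # Step 2c: UDP forwarding always uses port 514.
        grep -Eq 'udp\(.*port\(514\)\)' "$conf" ||
            fail "no udp destination on port 514 in $conf" ;;
    *)  fail "CLOG_TCP must be 0 or 1" ;;
    esac
    return $rc
}

# Run the check only when the three file paths are supplied.
if [ $# -eq 3 ]; then check_clog_client "$@"; fi
```

Run it on each cluster member after step 5; any FAIL line names the file and setting to correct.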