Distributed Systems Administration Utilities User's Guide, Linux, March 2009

2. The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on several
configuration variables. Edit /etc/sysconfig/syslog-ng as follows:
a. Change the CLOG_CONFIGURED line to:
CLOG_CONFIGURED=1
b. Add the following lines:
CLOG_CONSOLIDATOR=0
CLOG_CONS_IP=<IP address of the log consolidator>
c. If using the TCP protocol, add the following lines:
CLOG_TCP=1
CLOG_TCP_PORT=<log consolidation server tcp port>
If using ssh port forwarding, add:
CLOG_SSH=1
CLOG_SSH_PORT=<ssh port chosen>
otherwise, add:
CLOG_SSH=0
otherwise, if using the UDP protocol, add:
CLOG_TCP=0
If consolidating the local syslogs, add:
CLOG_SYSLOG=1
otherwise add:
CLOG_SYSLOG=0
If consolidating this cluster's package logs, add:
CLOG_PACKAGE=1
otherwise, add:
CLOG_PACKAGE=0
3. All the files edited thus far need to be distributed clusterwide:
# ccp /etc/syslog-ng.conf.client /etc/
# ccp /etc/sysconfig/syslog-ng /etc/sysconfig/
on Red Hat or
# ccp /etc/syslog-ng/syslog-ng.conf.client /etc/
# ccp /etc/sysconfig/syslog-ng /etc/sysconfig/
on SLES.
Create the following symbolic link on each cluster member:
# ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf
on Red Hat or
# ln -sf /etc/syslog-ng/syslog-ng.conf.client /etc/syslog-ng.conf
on SLES.
4. When using TCP with ssh port forwarding, record the ssh port number you chose above
in the /etc/services file. For example, add the line:
clog_ssh 1776/tcp # Consolidated logging with ssh port forwarding
Add this line to the /etc/services file of each cluster member.
5. To consolidate this cluster's package logs, additional manual steps are needed on the log
consolidation server. These steps must be repeated each time a package is created or
deleted on this cluster. Refer to “Consolidating Package Logs on the Log Consolidation Server”
(page 76).
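The settings from steps 2 and 4 can be checked for consistency on each cluster member before syslog-ng is restarted. The script below is an added example, not part of DSAU or of this guide; the function names get_var and check_clog_client are hypothetical, and the script assumes the file uses plain NAME=value lines as shown above.

```shell
#!/bin/sh
# Added example: consistency check for a log-forwarding client's settings.
# get_var FILE NAME -> last assigned value of NAME; parsed, never sourced.
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"' | tr -d "'"
}

# check_clog_client SYSCONFIG SERVICES -> prints findings, returns their count
check_clog_client() {
    cfg=$1; services=$2; bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    [ "$(get_var "$cfg" CLOG_CONFIGURED)" = 1 ] || fail "CLOG_CONFIGURED is not 1"
    [ "$(get_var "$cfg" CLOG_CONSOLIDATOR)" = 0 ] || fail "CLOG_CONSOLIDATOR is not 0"
    [ -n "$(get_var "$cfg" CLOG_CONS_IP)" ] || fail "CLOG_CONS_IP is empty"

    tcp=$(get_var "$cfg" CLOG_TCP); ssh=$(get_var "$cfg" CLOG_SSH)
    case $tcp in
    1)  [ -n "$(get_var "$cfg" CLOG_TCP_PORT)" ] || fail "CLOG_TCP_PORT is empty"
        case $ssh in
        1)  port=$(get_var "$cfg" CLOG_SSH_PORT)
            [ -n "$port" ] || fail "CLOG_SSH=1 but CLOG_SSH_PORT is empty"
            # Step 4: the chosen port must be recorded as clog_ssh in /etc/services
            svc=$(awk '$1 == "clog_ssh" { print $2; exit }' "$services")
            [ "$svc" = "$port/tcp" ] || fail "clog_ssh is '$svc', expected '$port/tcp'"
            ;;
        0)  echo "NOTE: CLOG_SSH=0, log traffic is not tunnelled through ssh" ;;
        *)  fail "CLOG_SSH must be 0 or 1 when CLOG_TCP=1" ;;
        esac ;;
    0)  [ "$ssh" != 1 ] || fail "CLOG_SSH=1 requires CLOG_TCP=1"
        echo "NOTE: UDP transport, log traffic is not tunnelled through ssh" ;;
    *)  fail "CLOG_TCP must be 0 or 1" ;;
    esac

    for v in CLOG_SYSLOG CLOG_PACKAGE; do
        case $(get_var "$cfg" "$v") in
        0|1) ;;
        *) fail "$v must be 0 or 1" ;;
        esac
    done
    return "$bad"
}
```

Run it as check_clog_client /etc/sysconfig/syslog-ng /etc/services; the exit status is the number of failed checks.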