Distributed Systems Administration Utilities User's Guide, Linux, March 2009

2. Edit the /etc/sysconfig/syslog-ng file and change the CLOG_CONFIGURED line to
the following:
CLOG_CONFIGURED=0
Remove all other CLOG lines except for the following:
CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log
3. If ssh port forwarding had been configured, remove the following line from /etc/services:
clog_ssh <port>/tcp # Consolidated logging with ssh port forwarding
3.4.4 Disabling a Serviceguard Cluster Log Forwarding Client
Perform the following steps to disable log forwarding. Complete these steps on each cluster
member:
1. Stop syslog-ng:
# /etc/init.d/syslog-ng stop
This stops the syslog-ng daemon, stops ssh port forwarding if configured, and stops
package log forwarding if configured.
2. Edit the /etc/sysconfig/syslog-ng file and change the CLOG_CONFIGURED line to
CLOG_CONFIGURED=0. Remove all other CLOG lines except for the following:
CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log
3. If ssh port forwarding had been configured, remove the following line from /etc/services:
clog_ssh <port>/tcp # Consolidated logging with ssh port forwarding
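The steps above, and the identical steps 2 and 3 of the preceding procedure, can be applied with a short shell script. The script below is an added example and is not part of the DSAU guide or the DSAU tools: it takes the two file paths as parameters so the edits can be tried on copies first, the clog_disable_client wrapper that runs the steps against the live /etc/sysconfig/syslog-ng and /etc/services is an assumed way of invoking it, and any sample configuration lines mentioned in the comments are constructed.

```shell
#!/bin/sh
# Added example, not part of the DSAU guide or tools: carries out the
# "disable log forwarding client" steps. File paths are parameters so the
# functions can be tried on copies; the real files are
# /etc/sysconfig/syslog-ng and /etc/services.

# Step 2: set CLOG_CONFIGURED=0 and remove every other CLOG line except
# CLOG_LAYOUTS_DIR and CLOG_ADDITIONAL_LOG_DIRS[0]. Lines that are not
# CLOG settings are left untouched.
clog_disable_sysconfig() {
    f="$1"
    tmp="$f.tmp.$$"
    awk '
        /^CLOG_CONFIGURED=/               { print "CLOG_CONFIGURED=0"; next }
        /^CLOG_LAYOUTS_DIR=/              { print; next }
        /^CLOG_ADDITIONAL_LOG_DIRS\[0\]=/ { print; next }
        /^CLOG_/                          { next }
        { print }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Step 3: drop the clog_ssh entry that was added to /etc/services for ssh
# port forwarding. A no-op if port forwarding was never configured.
clog_remove_services_entry() {
    f="$1"
    tmp="$f.tmp.$$"
    awk '!/^clog_ssh[[:space:]]/' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Steps 1 to 3 against the live system (run as root; on a Serviceguard
# cluster, run on every member). Step 1 stops the daemon, which also stops
# ssh port forwarding and package log forwarding if they were configured.
clog_disable_client() {
    /etc/init.d/syslog-ng stop || return 1
    clog_disable_sysconfig /etc/sysconfig/syslog-ng
    clog_remove_services_entry /etc/services
}
```

Each function rewrites its file through a temporary copy and moves it into place, so a failure in awk leaves the original file untouched.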
3.5 Securing Consolidated Logs
On a standard Linux system, all users can view the system’s local /var/log/messages. Access
to consolidated logs is typically restricted. The log consolidation server system itself is usually
a restricted access system with strict security policies in place.
3.5.1 Log File Protections
One level of protection is the permissions on the consolidated log files themselves. This is
controlled using the syslog-ng.conf.server file. Each syslog-ng “file” destination can have
specific permissions specified. If the log directory for a consolidated file does not exist, syslog-ng
can be instructed to create it (create_dirs(yes)) and to set the directory's ownership and permissions
as well. The options are given inside the file() call, for example:
destination d_file {
    file("/clog/test/example.log"
        create_dirs(yes)        # create /clog/test if it does not exist
        dir_owner("root")
        dir_group("sys")
        dir_perm(0600)
        owner("root")
        group("sys")
        perm(0600)
    );
};
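Once syslog-ng has created the destination, it is worth confirming that the configured ownership and mode actually took effect. The shell functions below are an added example, not part of the DSAU guide or tools; they assume GNU stat (as on Linux) and take the expected mode, owner and group as arguments so they can be pointed at any destination from syslog-ng.conf.server. The clog_audit_destination wrapper uses the root:sys, 0600 values from the example above.

```shell
#!/bin/sh
# Added example, not part of the DSAU guide: verify that a consolidated log
# file (and its directory) carry the ownership and mode set in the syslog-ng
# "file" destination. Assumes GNU stat, as found on Linux.

# clog_check_perms PATH MODE OWNER GROUP
# Returns 0 when PATH has exactly the given octal mode, owner and group;
# otherwise prints each mismatch and returns 1.
clog_check_perms() {
    path="$1"; want_owner="$3"; want_group="$4"
    # stat prints the mode without leading zeros ("600"), so normalise the
    # expected value the same way ("0600" -> "600").
    want_mode=$(printf '%s' "$2" | sed 's/^0*//')
    [ -n "$want_mode" ] || want_mode=0
    info=$(stat -c '%a %U %G' "$path") || return 1
    set -- $info
    chk_rc=0
    [ "$1" = "$want_mode" ]  || { echo "$path: mode $1, expected $want_mode"; chk_rc=1; }
    [ "$2" = "$want_owner" ] || { echo "$path: owner $2, expected $want_owner"; chk_rc=1; }
    [ "$3" = "$want_group" ] || { echo "$path: group $3, expected $want_group"; chk_rc=1; }
    return $chk_rc
}

# Audit one destination configured as in the example above: the log file and
# the directory it lives in should both be root:sys with mode 0600.
clog_audit_destination() {
    log="$1"
    rc=0
    clog_check_perms "$(dirname "$log")" 0600 root sys || rc=1
    clog_check_perms "$log" 0600 root sys || rc=1
    return $rc
}
```

A non-zero exit from clog_audit_destination means the file or directory is not protected as configured, for example because the directory already existed with wider permissions before syslog-ng started, since dir_owner, dir_group and dir_perm only apply when syslog-ng creates the directory itself.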
3.5.2 ssh Port Forwarding
ssh port forwarding sets up a tunnel for the log traffic between the syslog-ng log forwarding
client and the syslog-ng log consolidation server. This ssh-based tunnel is only available when
using the TCP transport, not UDP. Also, ssh port forwarding is not used when forwarding log
78 Consolidated Logging