Distributed Systems Administration Utilities User's Guide, Linux, March 2009

Then from each log consolidation client, perform a standard ssh key exchange with the relocatable
IP address of the clog package. One way to do this is using the csshsetup tool (see csshsetup(1)),
as follows:
# csshsetup <DNS name of the clog package>
csshsetup will prompt for the password of the cluster in order to do the initial key exchange.
3.5.3 clog Network Port Usage
syslog and syslog-ng require specific network ports to be available for correct operation.
These ports are the following:
UDP 514 – this port is used by syslogd clients for forwarding log messages.
TCP port <selected port> – the administrator chooses which TCP port a syslog-ng log consolidator uses to receive messages.
TCP port 22 – when using ssh port forwarding to create encrypted tunnels, the remote clients communicate with the log consolidation server's sshd daemon. In a default configuration, this daemon listens on TCP port 22.
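A consolidator-side check for the three ports listed above, as an added example that is not part of the original guide. It classifies each required port from `ss -H -lntu` style output; the function names, the sample listing and the syslog-ng port 1776 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): confirm that a log consolidator has
# listeners on the ports clog needs, given `ss -H -lntu` style output.

# Constructed sample listing; 1776 stands in for the administrator-selected
# syslog-ng TCP port.
SAMPLE_LISTENERS='udp UNCONN 0 0 0.0.0.0:514 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 127.0.0.1:1776 0.0.0.0:*'

# check_port PROTO PORT   (listener lines on stdin)
# Prints one of:
#   open           bound to a non-loopback address
#   loopback-only  bound to 127.0.0.1 / [::1] only, so remote hosts cannot
#                  connect to it directly
#   missing        nothing is bound to that port
check_port() {
    awk -v proto="$1" -v port="$2" '
        $1 == proto {
            addr = $5                          # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") loop = 1
            else wide = 1
        }
        END { print (wide ? "open" : (loop ? "loopback-only" : "missing")) }
    '
}

# clog_port_report LISTING SYSLOG_NG_TCP_PORT
# One line per required port: UDP 514, the selected TCP port, TCP 22.
clog_port_report() {
    listing=$1
    ngport=$2
    for spec in "udp:514" "tcp:$ngport" "tcp:22"; do
        proto=${spec%%:*}
        port=${spec##*:}
        state=$(printf '%s\n' "$listing" | check_port "$proto" "$port")
        echo "$proto/$port $state"
    done
}

# Live use on the consolidator: clog_port_report "$(ss -H -lntu)" <selected port>
clog_port_report "$SAMPLE_LISTENERS" 1776
```

A port reported as open only shows that a daemon is bound to it; IP filter rules still have to admit traffic to that port from the clients.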
3.5.4 Using Bastille to Harden the System
Bastille is a security-hardening lockdown tool that can be used to enhance the security of the
Linux operating system. It provides customized lockdown on a system-by-system basis by
allowing the administrator to choose which security features to enable or disable from
hardening/lockdown checklists.
Bastille can be used to harden a log consolidation server by enabling security tools such as IP
filtering. If IP filtering is enabled, the ports described in “clog Network Port Usage” (page 80)
must not be blocked.
Additionally, Bastille asks the following questions that impact a log consolidation system:
Do you want to BLOCK incoming Secure Shell connections with IPFilter?
When configuring a log consolidation server, answer No to the question if you plan to support
clients using the tcp transport and ssh tunneled connections to the server.
Would you like to restrict the system logging daemon to local connections?
Answering yes to this question adds the -N option to /etc/syslog.conf. When configuring
a log consolidation server, this option is required. The clog_wizard adds it automatically; the
manual configuration instructions also explain the appropriate edits to /etc/syslog.conf.
3.6 Viewing Consolidated Logs
Use the System Management Homepage’s System Log Viewer to filter and view a system’s local
syslog log files. For a system that is also a log consolidator, the System Log Viewer also filters
and displays the consolidated logs.
3.6.1 Starting System Management Homepage
To log in to the System Management Homepage, navigate to:
http://hostname:2301
Enter a username and password. Root logins are enabled by default. For additional information
on starting and logging into the System Management Homepage, refer to the HP Systems
Management Homepage User Guide.
After logging in to System Management Homepage, choose the Logs tab and then “System Log
Viewer.”