HP XC System Software Administration Guide Version 3.2

ManualsBrandsHP ManualsSoftwareHP XC System 3.x Software

100

Filters Define the rules to segregate messages. For example, messages can be

separated by host, severity, facility, and so on.

Destinations Contains the devices and files where the messages are sent or saved.

Logs Combines the sources, filters, and destination into specific rules to handle

the different messages.

You can use a text editor, such as emacs or vi, to read the log files, and you can use a variety

of text manipulation commands to find, sort, and format these log files.

7.6.3 Modifying the syslog-ng Rules Files

The HP XC system supplies a default configuration of the syslog-ng rules. You can modify

the syslog-ng rules by modifying template files and reconfiguring the HP XC system.

NOTE: The HP XC system is not available for use while it is being reconfigured.

The syslog-ng rules are contained in the following templates:

Regional Template

This template dictates the syslog-ng rules for the aggregator nodes.

The full pathname is

/opt/hptc/syslog-ng/etc/regional/syslog_ng_regional_template

Global Template

This template dictates the syslog-ng rules for the master aggregator

node. The full pathname is

/opt/hptc/syslog-ng/etc/global/syslog_ng_global_template

For more information on the parameters that make up these templates, see the syslog-ng

documentation at the following web address:

http://www.balabit.com/products/syslog_ng/

The syslog-ng nconfigure script, which runs during the cluster_config utility, uses

these template files to build the /opt/hptc/syslog-ng/etc/syslog-ng/syslog-ng.conf

file.

Use the following procedure to modify the syslog-ng rules:

1. Log in as the superuser (root) on the head node.

2. Change to the /opt/hptc/syslog-ng/etc directory.

# cd /opt/hptc/syslog-ng/etc

3. Examine both template files in the global and regional directories to determine which

template file applies.

In this example, you must edit both template files.

4. Make a backup copy of the template file or files that you will modify.

# cp regional/syslog_ng_regional_template regional/template_backup

# cp global/syslog_ng_global_template global/template_backup

5. Use the editor of your choice to modify the template files.

IMPORTANT: Keep a record of the changes you make in the template files.

6. Use the shownode command to determine which nodes are the syslog-ng aggregator

nodes. This example assigns the node names to an environment variable.

# NODES=`shownode servers syslogng_forward`

7. Use the editor of your choice to make the same changes to the

/opt/hptc/syslog-ng/etc/syslog-ng/syslog-ng.conf file on each of the

appropriate syslog-ng aggregator nodes.

8. Restart the syslog-ng service on all the syslog-ng aggregator nodes:

# pdsh -w $NODES "service syslog-ng restart"

7.6 Logging Node Events 93