clog_wizard.1m (2012 03)
c
clog_wizard(1M) clog_wizard(1M)
Syslogd Co-existence
clog_wizard configures syslog-ng on log-consolidation servers and log-forwarding clients. syslog-ng is
configured to coexist with the local syslogd. The local syslogd is still used to perform all local logging
operations. syslog-ng is used to perform forwarding of the local log messages. The local syslogd sends
log messages to the local syslog-ng which forwards them using the selected transport, UDP or TCP, to
the consolidation server. The local syslogd is reconfigured to use the -N option so that syslog-ng can
listen on local UDP port 514. Note that this does not preclude the local syslogd from performing addi-
tional UDP forwarding to other consolidation servers.
Preparing to Run the Wizard
You must run the clog wizard on both the consolidation server and its clients. There are fewer questions
when running clog wizard on a client or in a non-Serviceguard environment.
In a Serviceguard cluster, all members of the cluster should be up when running the wizard. The wizard
needs to be run only once in the cluster and not on each cluster member.
Run the clog_wizard and answer the questions depending on the configuration you are setting up,
whether a server or a client. Different information is needed when running the wizard to set up a
configuration as a standalone server or as a server in a Serviceguard cluster.
For log-consolidation server configurations:
• Standalone server acting as a log consolidator:
• If using TCP, a free TCP port
• A filesystem with enough space to accommodate the expected log volume from the remote
clients. You can use the existing client /var/adm/syslog/syslog.log to estimate overall log-
ging volume. Be sure to allow room for anticipated growth.
• Whether to consolidate the server’s syslog logs with the consolidated syslogs from the remote
clients
• Serviceguard cluster intra-cluster consolidation:
• If using TCP, a free TCP port. The port must be a free port cluster-wide.
• A registered DNS name, IP address, and IP subnet for use by the clog Serviceguard package
• LVM shared storage for use with the package. This includes the LVM volume group, logical
volume, and filesystem. The filesystem should have enough space to accommodate the logging
demands of the cluster members, You can use the existing member-specific
/var/adm/syslog/syslog.log and member-specific package logs to estimate the space require-
ments. Be sure to allow room for growth.
• Whether to consolidate the cluster’s syslog and package logs
• Serviceguard cluster highly-available log consolidator:
This configuration has the same requirements as the previous Serviceguard cluster
configuration, and additionally:
• Since it will typically be serving more log-forwarding clients, filesystem disk-space demands
are greater.
• If using TCP, depending on the expected number of clients, make sure to increase syslog-ng’s
max-connections settings. The default is 10. The parameter max-connections() is set in the
"Server Source" line in the /etc/syslog-ng.conf.server file.
For log-forwarding client configurations:
• Standalone systems and Serviceguard clusters acting as log-forwarding clients
• The IP address or hostname of the consolidation server
• If the consolidation server is using TCP, the TCP port number to use
• If ssh port forwarding is being used to encrypt log traffic, a free local port for use by ssh
• Whether to forward the local syslog and package logs (for Serviceguard clusters)
Running the Wizard
The wizard has an interactive mode where it prompts for answers to the various questions. The answers
are saved along with other consolidated-logging configuration data in the file /etc/rc.config.d/syslog-ng.
The wizard also has a non-interactive mode using the file input_file option. The input file format is the
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: March 2012