HP Linux Server Management Software User Manual
After entering the hostname or IP address of the log consolidation server, the wizard asks if you
want to use the TCP transport when forwarding log messages:
You can choose to forward logs to the consolidator using either
the UDP protocol or the TCP protocol (recommended).
Do you want to use the TCP protocol? (y/n) [y]:
Standard syslogd forwards messages using the UDP protocol. UDP is a high-performance,
broadcast-oriented protocol with no flow control or message delivery verification. syslog-ng
supports syslogd’s UDP protocol and a TCP protocol. The TCP transport offers both flow
control and message delivery checks. However, since TCP is a connection-oriented protocol, it
requires additional resources on the log consolidation server. The consolidation server’s
max-connections attribute must be set according to the maximum number of expected clients.
Refer to the section “Configuring a Log Consolidation Standalone Server with clog_wizard”
for a discussion of the max-connections setting.
If you answer “yes” to using TCP, the next question asks for the TCP port to forward messages
to:
Ask the administrator of the consolidation server which TCP
port was configured for receiving logs.
Enter the TCP port configured on the CONSOLIDATOR for
receiving logs []: 1776
You must use the TCP port selected by the system administrator of the log consolidation server.
If the clog_wizard was used to configure the server, the port number is saved in
/etc/sysconfig/syslog-ng as the variable CLOG_TCP_PORT. In this example, TCP port
1776 was used. If you answer “yes” to the TCP question, the following question is displayed:
The TCP protocol can be used together with Secure
Shell port forwarding to enhance security. Each member
of this cluster must already have non interactive Secure
Shell Authentication set up with the consolidator. You
can use the tool /opt/dsau/bin/csshsetup to configure
non interactive Secure Shell Authentication.
Do you want to configure Secure Shell port forwarding? (y/n) [y]:
Choose yes in order to use ssh port forwarding. This will encrypt all the traffic sent from this
local log forwarding client to the log consolidator.
NOTE: A special ssh security configuration is required on the server when a Serviceguard
cluster is the log consolidation server. For details, refer to “ssh Port Forwarding” (page 78).
ssh port forwarding requires an additional free TCP port on the local client system:
You need to choose a free port on this cluster for ssh port forwarding. The port chosen should
be free on all cluster nodes.
Enter the ssh port to be used for port forwarding []: 1775
The same guidelines for choosing a free syslog-ng TCP port apply to this port. For details,
refer to “Configuring a Log Consolidation Standalone Server with clog_wizard” (page 50). In
this example, the local port 1775 was used.
For a Serviceguard cluster log forwarding client, the cluster’s syslogs and package logs can be
forwarded to the log consolidation server. For a standalone system, the wizard asks only about
forwarding syslog messages:
Log files that reside on this cluster can be forwarded to the
consolidator.
Would you like to forward this cluster's syslogs? (y/n) [y]:
Would you like to forward this cluster's package logs? (y/n) [y]:
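As an added example (not part of the HP manual and not clog_wizard's own code), the shell helpers below sanity-check the two port values the wizard asks for and print a manual ssh equivalent of the tunnel. The function names, the checks against a services file and `ss -ltn` output, and binding the forward to 127.0.0.1 are assumptions of this example; the page does not show what the wizard itself generates.

```shell
#!/bin/sh
# Added example, not HP's code. All function names are hypothetical.

# True if $1 is a decimal TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print CLOG_TCP_PORT from a sysconfig-style file $1 (on the consolidator this
# is /etc/sysconfig/syslog-ng). Fails if the variable is absent or not a port.
clog_tcp_port() {
    port=$(grep -E '^[[:space:]]*CLOG_TCP_PORT=' "$1" | tail -n 1 |
           cut -d= -f2 | tr -d "\"' \t")
    valid_port "$port" && printf '%s\n' "$port"
}

# Read `ss -ltn` style output on stdin; true if TCP port $1 has a listener.
port_in_use() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) f = 1 }
                   END { exit !f }'
}

# True if port $1 is assigned to a TCP service in services(5) file $2.
port_registered() {
    awk -v p="$1/tcp" '$1 !~ /^#/ && $2 == p { f = 1 } END { exit !f }' "$2"
}

# Vet a candidate local forwarding port $1 against services file $2 and the
# listener output on stdin. Prints "ok" or the reason it is unsuitable.
check_local_port() {
    valid_port "$1" || { echo "invalid"; return 1; }
    if port_in_use "$1"; then echo "in-use"; return 1; fi
    if port_registered "$1" "$2"; then echo "registered"; return 1; fi
    echo "ok"
}

# Print a manual equivalent of the tunnel: local port $1, bound to loopback
# only, forwarded to syslog-ng TCP port $2 on consolidator $3.
tunnel_cmd() {
    valid_port "$1" && valid_port "$2" || return 1
    printf 'ssh -N -L 127.0.0.1:%s:localhost:%s %s\n' "$1" "$2" "$3"
}

# Usage on a client node: ss -ltn | check_local_port 1775 /etc/services
```

Run the port check on every cluster node, since the wizard requires the forwarding port to be free on all of them.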