beautypg.com

HP Linux Server Management Software User Manual

Page 61

background image

destination d_syslog { file(“<%FS%>/syslog/syslog.log”); };

becomes:

destination d_syslog { file(“/clog/syslog/syslog.log”); };

Make sure that this directory exists or the appropriate filesystem is mounted. Since
consolidated logs can grow quite large, HP recommends that this filesystem use the largefiles
option and that there is sufficient room for growth.

When using TCP, record the port number you choose above in the /etc/services file.
For example, add the line:

clog_tcp 1776/tcp # Consolidated logging with syslog-ng

Create the following symbolic link:

ln -sf /etc/syslog-ng.conf.server /etc/syslog-ng.conf

on Red Hat

ln -sf /etc/syslog-ng/syslog-ng.conf.server /etc/syslog-ng/syslog-ng.conf

on SLES

The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on several
configuration variables. Edit /etc/sysconfig/syslog-ng as follows:
— Change the CLOG_CONFIGURED line to:

CLOG_CONFIGURED=1

— Add the following lines:

CLOG_CONSOLIDATOR=1
CLOG_FS=

If using the TCP protocol, add:

CLOG_TCP=1
CLOG_TCP_PORT=

otherwise, if using the UDP protocol, add:

CLOG_TCP=0

If consolidating the local syslogs, add:

CLOG_SYSLOG=1

otherwise add:

CLOG_SYSLOG=0

For a standalone consolidator, add the following:

CLOG_SYSTEM_LOG_CONSOLIDATION_DIR=<consolidated log directory/syslog>
CLOG_SERVICEGUARD_PACKAGE_LOG_CONSOLIDATION_DIR=<consolidated log directory/packages>

— Add the following two values that are used by the System File Viewer:

CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log

Test the configuration by performing the following steps:
1.

Run /sbin/syslog-ng with the -s or --syntax-only option to verify the syntax
of the /etc/syslog-ng.conf file on Red Hat or /etc/syslog-ng/
syslog-ng.conf

on SLES. This should be a symbolic link to /etc/

syslog-ng.conf.server

on Red Hat or /etc/syslog-ng/

syslog-ng.conf.server

on SLES as described previously.

2.

Start syslog-ng using /etc/init.d/syslog-ng start.

3.

If consolidating the local syslogs, use logger and make sure this
message is in the consolidated syslog.log. If you are not consolidating the local logs,
use the logger command from a log forwarding client. Note that the logger messages
are first sent to the local syslog which forwards them to syslog-ng. syslogd by

3.3 Log Consolidation Configuration

61

See also other documents in the category HP Software: