HP Linux Server Management Software User Manual
Page 69
3.3.2.3.1 Manually Configuring a Standalone Log Forwarding Client
1.
To configure syslog-ng, start with the same syslog-ng.conf templates used by the
clog_wizard
.
Copy /opt/dsau/share/clog/templates/syslog-ng.conf.client.template
to /etc/syslog-ng.conf.client on Red Hat or /etc/syslog-ng/
syslog-ng.conf.client
on SLES. This file has tokens named <%token-name%> that
are replaced by the wizard based on the administrator’s answers to the wizard’s questions.
Manually replace the tokens in /etc/syslog-ng.conf.client on Red Hat or /etc/
syslog-ng/syslog-ng.conf.client
on SLES as follows:
a.
Delete the <%UDP_LOOPBACK_SOURCE%> and <%UDP_LOOPBACK_LOG%> tokens.
b.
Replace all the <%TYPE%> tokens with either tcp or udp depending on the desired log
transport.
c.
Find the line
“destination d_syslog_<%TYPE%>{<%TYPE%>(“<%IP%>” port(<%PORT%>)); };”
If using the UDP protocol, replace <%IP%> with the IP address of the log consolidation
server and <%PORT%> with 514, the standard UDP port.
If using the TCP protocol with ssh port forwarding, replace <%IP%> with 127.0.0.1 and
<%PORT%>
with the port chosen for ssh port forwarding. The same guidelines for
choosing a free syslog-ng TCP port apply to this port. For details, refer to
a Log Consolidation Standalone Server with clog_wizard” (page 50)
Non-interactive secure shell authentication must be set up between this system and the
log consolidator (you can use the /opt/dsau/bin/csshsetup tool for the
configuration). For details, refer to
“ssh Port Forwarding” (page 78)
.
If using the TCP protocol without ssh port forwarding, replace <%IP%> with the IP
address of the log consolidation server and <%PORT%> with TCP port chosen on the
log consolidator used for log consolidation.
d.
Create the following symbolic link:
ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf
on Red Hat or
ln -sf /etc/syslog-ng/syslog-ng.conf.client /etc/syslog-ng.conf
on SLES
3.3 Log Consolidation Configuration
69