beautypg.com

1 understanding the event logging structure, 2 the syslog-ng.conf rules file, 3 modifying the syslog-ng rules files – HP Insight Control Software for Linux User Manual

Page 194

background image

23.7.1 Understanding the event logging structure

Insight Control for Linux uses syslog-ng to log events. Each managed system is configured to
forward its syslog events to syslog-ng running on the CMS.

Each managed system runs the syslogd daemon and passes events of priority warning or higher
to the CMS.

The CMS runs the syslogng_forward service and writes the events it receives from its managed
systems to the /hptc_cluster/adm/logs/consolidated.log file.

23.7.2 The syslog-ng.conf rules file

The syslog-ng.conf rules file defines the order of importance by which the log files are arranged.

The /opt/hptc/syslog-ng/etc/syslog-ng/syslog-ng.conf file defines a series of rules
for the syslogng_forward service on how to handle messages from its clients. The
syslog-ng.conf

file contains five types of rules:

Options

Defines generic information such as reconnection timeouts, FIFO size limits,
and so on.

Sources

Defines the different sources from which messages are obtained.

Filters

Defines the rules to segregate messages. For example, messages can be
separated by host, severity, facility, and so on.

Destinations

Contains the devices and files where the messages are sent or saved.

Logs

Combines the sources, filters, and destination into specific rules to handle the
different messages.

You can use a text editor such as emacs or vi to read the log files, and you can use a variety of
text manipulation commands to find, sort, and format these log files.

23.7.3 Modifying the syslog-ng rules files

Insight Control for Linux supplies a default configuration for the syslog-ng rules. You can modify
the syslog-ng rules configuration by modifying template files.

The syslog-ng rules are contained in the following template:
Global Template

Dictates the syslog-ng rules. The full path name is /opt/hptc/
syslog-ng/etc/global/syslog_ng_global_template

For more information on the parameters that make up these templates, see the syslog-ng
documentation at the following website:

http://www.balabit.com/products/syslog_ng/

The syslog-ng nconfigure script uses these template files to build the /opt/hptc/
syslog-ng/etc/syslog-ng/syslog-ng.conf

file.

To modify the syslog-ng rules, follow these steps:
1.

Log in to the CMS as root.

2.

Change to the /opt/hptc/syslog-ng/etc directory:

# cd /opt/hptc/syslog-ng/etc

3.

Make a backup copy of the template file:

# cp global/syslog_ng_global_template global/template_backup

4.

Use a text editor to modify the template file.

5.

Restart the syslog-ng service:

# /etc/init.d/syslog-ng restart

194

Miscellaneous topics

See also other documents in the category HP Software: