clog_wizard(1M)
NAME
clog_wizard - Helps set up log-consolidation servers and clients.
clog_wizard is part of the Distributed Systems Administration Utilities
(DSAU).
SYNOPSIS
Path: /opt/dsau/sbin/clog_wizard
DESCRIPTION
The Consolidated Logging Wizard helps the administrator configure log-
consolidation servers and log-forwarding clients. It is part of the
Distributed Systems Administration Utilities (DSAU).
Centralized log consolidation provides benefits such as:
· Easier log file analysis
· Increased security
· Simplified archiving of logs
Standard syslogd(1M) offers UDP-based log forwarding to a central log-
consolidation server. DSAU uses the open source tool "syslog next-generation"
(syslog-ng) to perform log consolidation. syslog-ng offers
several critical features missing from the standard syslogd:
· Improved filtering features
· TCP transport with optional ssh port forwarding for encrypting
all forwarded log data
· Log rotation based on template output filenames
· Launching programs in response to log message triggers
· Ability to forward additional text-based log files
Configuration Overview:
The wizard supports setting up the following log-consolidation
configurations:
Log-consolidation server configurations:
· Standalone server acting as a log consolidator
Remote clients forward syslog entries to this system using
UDP, TCP, or TCP with SSH. The remote clients can be standalone
systems or Serviceguard cluster members. For Serviceguard
clusters, the member-specific package logs can be forwarded
and consolidated with one consolidated log per package.
· Serviceguard cluster intra-cluster consolidation
When using Serviceguard clusters, the cluster can be configured
to consolidate the per-member syslogs and the per-member
package logs for the cluster. This consolidation is offered
as a highly available service (clog package) for use by the
other cluster members. Intra-cluster log consolidation can
offer simplified package monitoring and problem diagnosis.
· Serviceguard cluster highly-available log consolidator
Log consolidation is configured as a Serviceguard package.
The cluster acts as a highly available log consolidation
server for a set of remote clients. The remote clients can
include standalone systems or other Serviceguard clusters.
Optionally, the members of the cluster can choose to consolidate
their local logs with the other consolidated logs.
Log-forwarding client configurations:
· Standalone system
The system can be configured to forward syslogs to a remote
consolidation server.
· Serviceguard cluster
The cluster can be configured to forward syslog and package
logs to a remote consolidation server.
Syslogd Co-existence
clog_wizard configures syslog-ng on log-consolidation servers and log-
forwarding clients. syslog-ng is configured to coexist with the local
syslogd. The local syslogd is still used to perform all local logging
operations. syslog-ng is used to perform forwarding of the local log
messages. The local syslogd sends log messages to the local syslog-ng
which forwards them using the selected transport, UDP or TCP, to the
consolidation server. The local syslogd is reconfigured to use the -N
option so that syslog-ng can listen on local UDP port 514. Note that
this does not preclude the local syslogd from performing additional UDP
forwarding to other consolidation servers.
Preparing to Run the Wizard
You must run the clog wizard on both the consolidation server and its
clients. There are fewer questions when running clog wizard on a
client or in a non-Serviceguard environment.
In a Serviceguard cluster, all members of the cluster should be up when
running the wizard. The wizard needs to be run only once in the cluster
and not on each cluster member.
Run the clog_wizard and answer the questions depending on the configuration
you are setting up, whether a server or a client. Different
information is needed when running the wizard to set up a configuration
as a standalone server or as a server in a Serviceguard cluster.
For log-consolidation server configurations:
· Standalone server acting as a log consolidator:
· If using TCP, a free TCP port
· A filesystem with enough space to accommodate the expected
log volume from the remote clients. You can use the
existing client /var/adm/syslog/syslog.log to estimate
overall logging volume. Be sure to allow room for anticipated
growth.
· Whether to consolidate the server's syslog logs with the
consolidated syslogs from the remote clients
· Serviceguard cluster intra-cluster consolidation:
· If using TCP, a free TCP port. The port must be a free
port cluster-wide.
· A registered DNS name, IP address, and IP subnet for use
by the clog Serviceguard package
· LVM shared storage for use with the package. This
includes the LVM volume group, logical volume, and
filesystem. The filesystem should have enough space to
accommodate the logging demands of the cluster members.
You can use the existing member-specific
/var/adm/syslog/syslog.log and member-specific package logs to
estimate the space requirements. Be sure to allow room for
growth.
· Whether to consolidate the cluster's syslog and package
logs
· Serviceguard cluster highly-available log consolidator:
This configuration has the same requirements as the previous
Serviceguard cluster configuration, and additionally:
· Since it will typically be serving more log-forwarding
clients, filesystem disk-space demands are greater.
· If using TCP, depending on the expected number of clients,
make sure to increase syslog-ng's max-connections settings.
The default is 10. The parameter max-connections()
is set in the "Server Source" line in the
/etc/syslog-ng.conf.server file.
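
A check for the max-connections() point above, as an added example that is not part of DSAU or the original man page: syslog-ng refuses TCP connections beyond the limit, so an undersized value means some clients' logs never reach the consolidator. The sample source line, its name s_syslog_tcp, and port 5140 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DSAU code. Assumes the tcp() source and its
# max-connections() option sit on one line of the server configuration.

# Print the max-connections() value of the first tcp() source line that sets
# it; print 10, the default stated in the man page, when none does.
clog_max_connections() {
    awk '
        /^[ \t]*#/ { next }   # ignore commented-out lines
        /tcp[ \t]*\(/ {
            if (match($0, /max[-_]connections[ \t]*\([ \t]*[0-9]+/)) {
                v = substr($0, RSTART, RLENGTH)
                sub(/^.*\([ \t]*/, "", v)   # keep only the number
                print v; done = 1; exit
            }
        }
        END { if (!done) print 10 }
    ' "$1"
}

# Compare the limit with $2, the number of client connections expected.
# Returns 0 when the limit is sufficient, 1 when too low, 2 on bad input.
clog_check_connections() {
    conf=$1; clients=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    limit=$(clog_max_connections "$conf")
    if [ "$limit" -ge "$clients" ]; then
        echo "OK: max-connections($limit) covers $clients clients"
        return 0
    fi
    echo "LOW: max-connections($limit) is below $clients clients; raise it in $conf"
    return 1
}

# Constructed sample input (not the file the wizard generates).
sample="${TMPDIR:-/tmp}/clog_sample.$$"
cat > "$sample" <<'EOF'
# constructed example of a server source line
source s_syslog_tcp { tcp(port(5140) keep-alive(yes) max-connections(10)); };
EOF
clog_check_connections "$sample" 8  || true
clog_check_connections "$sample" 25 || true
rm -f "$sample"
```

On a real consolidator, pass /etc/syslog-ng.conf.server and the number of forwarding clients as the two arguments.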
For log-forwarding client configurations:
· Standalone systems and Serviceguard clusters acting as log-
forwarding clients
· The IP address or hostname of the consolidation server
· If the consolidation server is using TCP, the TCP port
number to use
· If ssh port forwarding is being used to encrypt log traffic,
a free local port for use by ssh
· Whether to forward the local syslog and package logs (for
Serviceguard clusters)
Running the Wizard
The wizard has an interactive mode where it prompts for answers to the
various questions. The answers are saved along with other
consolidated-logging configuration data in the file
/etc/rc.config.d/syslog-ng. The wizard also has a non-interactive mode
using the -f input_file option. The input file format is the same as
/etc/rc.config.d/syslog-ng and the various settings are described there.
If this file is not present on your system, refer to
/opt/dsau/newconfig/etc/rc.config.d/syslog-ng. When running the wizard
additional times, default values are read from /etc/rc.config.d/syslog-ng.
SERVICEGUARD AUTOMATION FEATURES
When using the consolidation logging tools in a Serviceguard cluster,
Serviceguard 11.17 or later is required for certain automated
configuration actions to be supported. Specifically:
· When adding and removing packages, the syslog-ng configuration
files are automatically updated to track the package and
perform the necessary package-log consolidation
· When adding new members to the cluster, syslog-ng is automatically
configured for use on the new member
For versions of Serviceguard earlier than 11.17, tracking cluster state
changes will require manual intervention and management of the
configuration files.
NETWORKING FEATURES
When using TCP with ssh port forwarding, port forwarding is configured
on the client side. If the client loses its connection to the
consolidation server, the client will retry establishing the connection.
The retry frequency is controlled by variables defined in
/etc/rc.config.d/syslog-ng.
Syslog-ng's retry timer is controlled via the time_reopen parameter set
in /etc/syslog-ng.conf.client. See the syslog-ng documentation for
details at: /opt/dsau/doc/syslog-ng.
Options
-f | --file filename
Reads a list of keyword:value pairs from filename that are
required to configure log consolidation. The format is the
same as the /etc/rc.config.d/syslog-ng file. The various
settings are described in that file's header.
-h | --help | -?
Displays help on clog_wizard command options.
-V | --version
Displays current version of the product.
On Package-Creation Errors
When running the wizard in a Serviceguard cluster to define a highly
available server configuration, the wizard creates a package. If there
are any errors during package creation, the messages from the package-
creation commands are displayed. Refer to the log files in the clog
package directory for detailed information on any errors. For example:
followed by . Refer to /var/adm/syslog/syslog.log (on HP-UX) or
/var/log/messages (on Linux) for additional information on the package
logs.
If the wizard encounters other errors, it will restore the system
configuration back to its initial state.
For VxVM Users
For Serviceguard clusters, the wizard supports package creation using
only LVM-based volume groups. For VxVM users, the simplest workaround
is to allow the wizard to configure using LVM and, after it's finished,
modify the resulting package in /etc/cmcluster/clog/ to use VxVM.
AUTHORS
clog_wizard was developed by Hewlett-Packard.
FILES
HP-UX:
/etc/rc.config.d/syslog-ng
HP-UX log-consolidation configuration file
/etc/rc.config.d/syslogd
HP-UX syslogd configuration file
/sbin/init.d/syslog-ng
HP-UX syslog-ng start/stop script
Linux:
/etc/sysconfig/syslog-ng
Linux log-consolidation configuration file
/etc/sysconfig/syslogd
Linux syslogd configuration file
/etc/init.d/syslog-ng
Linux syslog-ng start/stop script
Serviceguard Package Files:
SGCONF/clog
Serviceguard package control script
SGCONF/clog/clog.conf
Serviceguard package configuration file
/etc/syslog-ng.conf
Symbolic link to the /etc/syslog-ng.conf.client or the
/etc/syslog-ng.conf.server file.
/etc/syslog-ng.conf.server
Log-consolidation server configuration file
/etc/syslog-ng.conf.client
Log-consolidation client configuration file
/etc/syslog.conf
syslogd configuration file
/etc/services
Associates official service names and aliases with the port
number and protocol the services use.
SEE ALSO
syslog-ng(8), csshsetup(1), ssh(1), System Management Homepage,
Distributed Systems Administration Utilities User's Guide at
http://docs.hp.com.