| SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Administration Guide |    
|
| C H A P T E R 7 |
|
Log Archiving Facility |
You can set up the Service Processor to automatically archive its log data on a remote host.
This chapter contains these sections:
The persistent storage space on a Service Processor is limited. A portion of this space is set aside for logs, such as audit logs and error logs. Due to the limited space, some logs can grow to the point where old log entries must be overwritten or deleted.
These sections provide details on log archiving:
Log archiving increases the storage space available for logs on the Service Processor by transferring and storing log data on a server known as the archive host.
All connections established through log archiving are encrypted. The log archiving feature provides the ability to use an RSA public key to authenticate the archive host. You manage this public key on the Service Processor.
By default, log archiving is disabled. To use log archiving, you set up an archive host, and then enable log archiving on the Service Processor.
When enabled, log archiving periodically uses the secure copy program (scp) to transfer new log data to the archive host. Log archiving uses ssh to monitor the disk space consumed by archives. It deletes old archives when necessary, so that the space consumed by the archives will never exceed user-configurable archive space limits. However, for security reasons, log archiving does not automatically delete audit log archives. You can manually delete audit log archives that are no longer needed.
FIGURE 7-1 illustrates how log archiving works for a user interface on the archive host, and on the Service Processor.
As shown in FIGURE 7-1,
(1) Before enabling log archiving, create an archive directory on the archive host. There should be a separate archive directory for each system that uses the archive host. The directory permissions should be set so that only authorized users can access its contents.
(2) You configure the log archiving feature.
(3) As new data accumulates in logs, log archiving polls log files at fixed intervals to determine when new data needs to be archived.
(4) Log archiving uses scp to transfer log data to the archive host. It uses ssh to manage the logs which it previously copied.
As the Service Processor keeps track of archive space on the archive host, you should not store other files in these archive directories.
It is possible to set up the Service Processor so that it uses one of the domains in the same system as an archive host. However, this configuration does not provide optimal reliability and serviceability. Typically, a separate, remote server functions as the archive host.
The log archiving system handles typical errors by retrying and recording errors in the Event Log. Possible error causes include archive host downtime, network outages, and misconfiguration of the Service Processor and/or the archive host. You can use the showarchiving command to view the details of the last ten archiving failures, including the first 1000 characters of output from any command that failed.
Log data can also be collected and transferred from the Service Processor with the snapshot command. The snapshot tool does not extend or replace any other functionality, such as log archiving or logging of information using syslog. See the snapshot(8) man page for details on this tool.
|
1. Select a user account on the server that will be used as the archive host that the Service Processor will use to log in.
2. Log in to the archive host and create an archive directory.
3. Set the permissions of the archive directory as desired. The Service Processor log-in account must have read, write, and execute (rwx) permissions.
This section describes these tasks:
|
1. Log in to the XSCF console with platadm privileges.
2. Type the setarchiving command:
where user@host:directory is the user name, log archive host, and directory where the logs are to be stored, and -r prompts for the password for ssh login. See the setarchiving man page for additional options.
3. Type the setarchiving enable command:
After tests indicate the archive host is set up correctly, log archiving is enabled effective immediately. If the tests fail, you receive an error message that log archiving was not enabled, and the reason why.
|
1. Log in to the XSCF console with platadm privileges.
2. Type the setarchiving command:
|
1. Log in to the XSCF console with platadm, platop, or fieldeng privileges.
2. Type the showarchiving command:
|
1. Log in to the XSCF console with platadm, platop, or fieldeng privileges.
2. Type the showarchiving command:
The details of the last ten archiving failures will be displayed.
For additional information on this chapter’s topics, see:
|
SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide |
| SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Administration Guide | E21618-01 |
|
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
To Configure the Log Archive Host