After configuring the global options and a TCP communications client, you must start the Alliance subsystem ALLSYL100 to start collecting logs. On the configuration menu take the option to . The following panel is displayed:
Press to start the subsystem. Depending on the configuration options you have selected, the following jobs will appear in the subsystem:
OPER_MESG: extracts messages from QSYSOPR and sends them to the internal Syslog queue.
QAUDJRN: extracts audit journal entries and sends them to the internal Syslog queue.
SYSLOG (2 instances): receives Syslog messages from the Syslog queue and uses TCP or SSL/TLS TCP to send them to a local or remote instance of the syslog-ng server.
You can use options on the Configuration menu to view active jobs in the Alliance ALLSYL100 subsystem, and to end the subsystem. You can also end the subsystem ALLSYL100 manually using the End Subsystem (ENDSBS) command with the *IMMED option.
Note: The first time you start the Alliance subsystem, the audit journal and operator message queue processes will begin collecting information starting from the earliest message. If there is a substantial amount of history in the journal or message queue, it may take time for these messages to be sent to the syslog-ng server.
Once you have the configuration the way you want, you can automate the start of the ALLSYL100 subsystem by modifying the IPL startup program. The name of the IPL startup program is stored in the system value QSTRUPPGM. The program is usually QSTRUP in library QGPL. You can modify this program to add the following statements to start the ALLSYL100 subsystem:
QSYS/STRSBS SBSD(ALLSYL100/ALLSYL100)
MONMSG MSGID(CPF0000)
You should place these statements after any commands that start the TCP/IP network services.
If you do not have the source for the QSTRUP program, you can retrieve the source using the Retrieve CL Source (RTVCLSRC) command.
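To confirm that log collection will resume after an IPL, the retrieved startup source can be checked for the placement described above. The following Python check is an added example, not part of the original documentation or the Alliance product; the sample source is constructed, and treating STRTCP and STRTCPSVR as the commands that start the TCP/IP network services is an assumption.

```python
import re

# Constructed sample of retrieved QSTRUP source (not taken from a real system).
SAMPLE_QSTRUP = """\
PGM
  QSYS/STRSBS SBSD(QSPL)
  MONMSG MSGID(CPF0000)
  QSYS/STRTCP
  MONMSG MSGID(CPF0000)
  QSYS/STRSBS +
      SBSD(ALLSYL100/ALLSYL100)
  MONMSG MSGID(CPF0000)
ENDPGM
"""

# Assumption: these are the commands that start the TCP/IP network services.
TCP_START = re.compile(r"^(QSYS/)?(STRTCP|STRTCPSVR)\b")
ALLIANCE_START = re.compile(r"^(QSYS/)?STRSBS\s+(SBSD\()?ALLSYL100/ALLSYL100\)?")
MONMSG = re.compile(r"^MONMSG\b.*CPF0000")

def cl_statements(source):
    """Strip /* */ comments, join '+' continuations, return upper-cased statements."""
    source = re.sub(r"/\*.*?\*/", " ", source, flags=re.S)
    stmts, pending = [], ""
    for line in source.splitlines():
        text = line.strip()
        if text.endswith("+"):
            pending += text[:-1].strip() + " "
            continue
        stmt = " ".join((pending + text).upper().split())
        pending = ""
        if stmt:
            stmts.append(stmt)
    return stmts

def check_startup(source):
    """Return a list of findings; an empty list means the placement is as documented."""
    stmts = cl_statements(source)
    start = [i for i, s in enumerate(stmts) if ALLIANCE_START.match(s)]
    if not start:
        return ["STRSBS for ALLSYL100 is missing"]
    findings = []
    i = start[0]
    tcp = [j for j, s in enumerate(stmts) if TCP_START.match(s)]
    if tcp and max(tcp) > i:
        findings.append("ALLSYL100 is started before a TCP/IP start command")
    if i + 1 >= len(stmts) or not MONMSG.match(stmts[i + 1]):
        findings.append("no MONMSG MSGID(CPF0000) directly after the STRSBS")
    return findings
```

If the startup program contains no TCP/IP start command at all, the ordering check reports nothing, so confirm separately how TCP/IP is started on that system.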
© 2007 BalaBit IT Security