Configuring platform system log forwarding
An embedded extension included with IBM® Cloud Private Cloud Foundry allows you to configure forwarding of local syslog events in RFC5424 format from your IBM Cloud Private Cloud Foundry platform to a remote syslog endpoint.
The cfp-ext-syslog-forwarder extension enables this functionality, and it supports a number of different configuration options, including secure communications using TLS and mutual-certificate based authentication. If you want to forward syslog events to the built-in ElasticStack in IBM Cloud Private, the ibm-cflogging Helm chart can automatically configure this extension during installation of the chart. See Connecting to Elasticstack in IBM Cloud Private for more information.
To send syslog events to a remote syslog endpoint of your choice, enable the cfp-ext-syslog-forwarder extension. You can enable extensions by using a CLI or user interface. To use the CLI, prepare your configuration file according to Configuration Values. Next, follow the instructions for Running the extension, skipping the registration step since this is an embedded extension included with the product.
If you prefer to use the user interface, the cfp-ext-syslog-forwarder offers guided editing of the configuration values. Select a configuration type of Insecure, Server TLS, or Mutual TLS. The user interface displays the required and optional configuration values for the selected scenario. The user interface provides descriptions, sample values, and validation of the configuration values. For information about extensions, see Managing extensions and Configurations.
Configuration Values
Provide the following required configuration values to configure syslog forwarding.
- syslog_address
  IP address or domain of the server to receive syslogs.
- syslog_port
  Port on which the syslog server is listening.
These optional configuration values are also available.
- configuration_name
  Configuration name for UI-assisted entry of the configuration values. Valid values are insecure, server_tls, or mutual_tls.
- syslog_transport
  Default: tcp
  Transport for syslog forwarding. Valid values are tcp, udp, or relp.
- syslog_fallback_servers
  A list of fallback servers to use should the main syslog server be unavailable. Each list item has three keys (address, port, and transport) that define the fallback server. This is supported only when transport for primary and fallback servers is specified as tcp or relp.
- syslog_custom_rule
  Custom rules for rsyslog are written in RainerScript. For example: if ($msg contains "DEBUG") then stop
- syslog_tls_enabled
  Default: false
  Forwards syslogs over a secure connection (syslog_transport must be tcp when TLS is enabled).
- syslog_permitted_peer
  Host name of the syslog server to be verified when using TLS (wildcard * permitted).
- syslog_ca_cert
  Certificate Authority to trust when TLS is enabled, if server certificate is self-signed or signed by a CA that is not available in the default certificate store.
- syslog_cert
  Client certificate for rsyslog; when both client certificate and client key are provided, mutual TLS is enabled.
- syslog_key
  Client key (without passphrase) for rsyslog; when both client certificate and client key are provided, mutual TLS is enabled.
Example Configuration
The configuration values must be specified as children of a uiconfig key as in the following example.
uiconfig:
  configuration_name: mutual_tls
  syslog_address: log1.logstash.example.com
  syslog_port: 5000
  syslog_transport: tcp
  syslog_fallback_servers:
    - address: log2.logstash.example.com
      port: 5001
      transport: tcp
    - address: log3.logstash.example.com
      port: 5001
      transport: tcp
  syslog_tls_enabled: true
  # Quoted because an unquoted leading * starts a YAML alias.
  syslog_permitted_peer: "*.logstash.example.com"
  syslog_ca_cert: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  syslog_cert: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  syslog_key: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
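The constraints listed under Configuration Values can be checked before the extension is run. The following is an added example, not part of the product or its documentation: a hypothetical lint_uiconfig function that takes the already-parsed contents of the uiconfig key as a Python dict. The mapping from configuration_name to TLS settings and the warning for a missing syslog_permitted_peer are assumptions made for this example.

```python
# Added example: lint a parsed uiconfig mapping against the rules stated above.
VALID_TRANSPORTS = {"tcp", "udp", "relp"}
VALID_NAMES = {"insecure", "server_tls", "mutual_tls"}


def lint_uiconfig(cfg):
    """Return a list of findings for a uiconfig dict (empty list = no issues)."""
    findings = []
    for key in ("syslog_address", "syslog_port"):
        if not cfg.get(key):
            findings.append(f"missing required value: {key}")

    transport = cfg.get("syslog_transport", "tcp")       # documented default
    tls = bool(cfg.get("syslog_tls_enabled", False))     # documented default
    if transport not in VALID_TRANSPORTS:
        findings.append(f"invalid syslog_transport: {transport}")
    if tls and transport != "tcp":
        findings.append("syslog_tls_enabled requires syslog_transport tcp")

    # Fallback servers are supported only when primary and fallbacks use tcp or relp.
    fallbacks = cfg.get("syslog_fallback_servers") or []
    if fallbacks and transport not in ("tcp", "relp"):
        findings.append("fallback servers need a tcp or relp primary transport")
    for i, fb in enumerate(fallbacks):
        missing = {"address", "port", "transport"} - set(fb)
        if missing:
            findings.append(f"fallback {i} missing keys: {sorted(missing)}")
        elif fb["transport"] not in ("tcp", "relp"):
            findings.append(f"fallback {i} transport must be tcp or relp")

    # Mutual TLS is enabled only when both client certificate and key are present.
    has_cert, has_key = bool(cfg.get("syslog_cert")), bool(cfg.get("syslog_key"))
    if has_cert != has_key:
        findings.append("syslog_cert and syslog_key must be provided together")
    if (has_cert or has_key) and not tls:
        findings.append("client certificate/key set but syslog_tls_enabled is false")
    # Assumption for this example: flag TLS without a host name to verify.
    if tls and not cfg.get("syslog_permitted_peer"):
        findings.append("TLS enabled without syslog_permitted_peer")

    # Assumed mapping of configuration_name to settings (not stated on the page).
    name = cfg.get("configuration_name")
    if name is not None and name not in VALID_NAMES:
        findings.append(f"invalid configuration_name: {name}")
    expected = {"insecure": (False, False), "server_tls": (True, False),
                "mutual_tls": (True, True)}.get(name)
    if expected and expected != (tls, has_cert and has_key):
        findings.append(f"configuration_name {name} does not match TLS settings")
    return findings
```

An empty list means the configuration is consistent with the documented rules; each string in a non-empty list names one value to correct.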