In this section:
The SBC provides an option to provision a new parameter Rsyslog Profile
. This profile uses local and remote certificates imported to the SBC and generates the three certificate files required for the rsyslog.conf
file to support communication for Rsyslog.
To create a new RsyslogTls
Profile, assign the local and remote Certificates to the profile and generate the three Certificate files required for Rsyslog:
set profiles security RsyslogTlsProfile rSyslogprofile clientCertName localCert serverCaCertName remoteCert
The Rsyslog supports TLS over TCP using the protocol types tls-tcp
.
The Rsyslog Event Logs and the Linux Audit Logs support these new protocol types. The rsyslog.conf
file supports TLS using the three TLS Certificate files created. The appropriate ACL rule is created to allow the SBC to communicate through the Application layer to the remote server on the IP Address, port and TLS protocol type.
set oam eventLog typeAdmin <log_type> syslogRemoteHost <ip_address> syslogRemotePort <port_no> syslogRemoteProtocol <tls-tcp> syslogState enabled state enabled set oam eventLog platformAuditLogs auditLogRemoteHost <ip_address> auditLogPort <port_no> auditLogProtocolType <tls-tcp> state enabled
For the PSX-related changes, refer to PSX Log Servers.
####################################EVENT LOGS CONFIGURATION on 3 REMOTE SYSLOG SERVERS ############ set oam eventLog typeAdmin system servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin debug servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin trace servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin acct servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin security servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin audit servers server1 syslogRemoteHost fd00:10:6b50:44e0::30 syslogRemotePort 515 syslogRemoteProtocol tcp set oam eventLog typeAdmin system servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin debug servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin trace servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin acct servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin security servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin audit servers server2 syslogRemoteHost 10.54.49.58 syslogRemotePort 516 syslogRemoteProtocol relp set oam eventLog typeAdmin system servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin debug servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin trace servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin acct servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin security servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin audit servers server3 syslogRemoteHost fd00:10:6b50:4300::13b syslogRemotePort 517 syslogRemoteProtocol tls-tcp set oam eventLog typeAdmin system syslogState enabled set oam eventLog typeAdmin debug syslogState enabled set oam eventLog typeAdmin trace syslogState enabled set oam eventLog typeAdmin acct syslogState enabled set oam eventLog typeAdmin securitys syslogState enabled set oam eventLog typeAdmin audit syslogState enabled ################# LINUX LOGS CONFIGURATION on 3 REMOTE SYSLOG SERVERS ###################### set oam eventLog platformRsyslog servers server1 remoteHost fd00:10:6b50:44e0::30 port 515 protocolType tcp set oam eventLog platformRsyslog servers server2 remoteHost 10.54.49.58 port 516 protocolType relp set oam eventLog platformRsyslog servers server3 remoteHost fd00:10:6b50:4300::13b port 517 protocolType tls-tcp set oam eventLog platformRsyslog linuxLogs authLog enabled consoleLog enabled cronLog enabled daemonLog enabled fipsLog enabled kernLog enabled ntpLog enabled platformAuditLog enabled sftpLog enabled syslogLog enabled userLog enabled set oam eventLog platformRsyslog syslogState enabled