Tip
This is the documentation for the 24.06 version.
Send Logs to Remote Host
TNSR can send log data to a remote log server reachable through the host namespace using the rsyslog service. This feature allows that server to receive log data from a TNSR host so it can be processed externally. This feature does not affect local logging behavior.
Tip
Using a remote log server is a best practice for long-term log storage, monitoring, and analysis. This method is commonly used for compliance with various regulations or policies for log retention.
Warning
Log data may contain sensitive information and remote logging is not encrypted. Log data should only be sent to remote log servers over a secure direct connection or via encrypted transport such as a VPN.
Note
At this time, this feature only supports the host namespace.
Remote Logging Configuration
To configure remote logging, define one or more remote logging servers. Starting from config mode, use the logging remote-server <name> command which enters config-log-remote mode.
The following commands are available within config-log-remote mode to configure a remote logging server:
- address (<fqdn>|<ipv4-addr>|<ipv6-addr>):
  Defines the remote address of the log server, which can be a fully qualified domain name (hostname), IPv4 address, or IPv6 address.
  This command is required.
- port <port>:
  Defines the destination port on the server address to which the daemon will send log data.
  This command is required.
  Note
  This only controls the destination port. The daemon always randomizes the source port and the server must accept log messages from any source port.
- transport-protocol (tcp|udp):
  Controls which transport protocol the daemon will use to send log data to the server. The server must be configured to match.
  This command is required.
- filter syslog-facility (all|<facility-name>) [priority <priority-name>]:
  Defines a filter which limits the log data the daemon will send to the remote log server. This can either be a specific facility name, or a facility name and priority. This command can be repeated to configure multiple filters.
  This command is optional.
  - syslog-facility (all|auth|authpriv|cron|daemon|ftp|kern|local[0-7]|lpr|mail|news|syslog|user|uucp):
    Limits log messages to only those using a specific log facility. Log sources use these facilities to describe which part of a system generated a log message.
  - priority (debug|info|notice|warning|err|crit|alert|emerg):
    Limits log message output to messages with the given priority level and higher. The order of priorities is as listed above. For example, if priority crit is specified, that also includes messages for alert and emerg priorities.
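The facility and priority semantics of the filter command, shown as an added example that is not part of the TNSR documentation: it decodes the standard syslog <PRI> header (facility × 8 + severity) and reports which constructed sample messages a set of filters would select. The function names and the rule that a message is sent when any one of several filters matches are assumptions of this example.

```python
import re

# Standard syslog facility codes (RFC 5424); PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
# Listed from least to most severe, the same order the priority option uses.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
SEVERITY = {name: 7 - rank for rank, name in enumerate(PRIORITIES)}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_name, priority_name) from the <PRI> header of a syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError(f"no valid <PRI> header: {line!r}")
    code, sev = divmod(int(m.group(1)), 8)
    names = {v: k for k, v in FACILITIES.items()}
    if code not in names:
        raise ValueError(f"facility code {code} is not in the filter's facility list")
    return names[code], PRIORITIES[7 - sev]


def filter_matches(line, facility="all", priority=None):
    """True if 'filter syslog-facility <facility> [priority <priority>]' selects line."""
    fac, prio = decode_pri(line)
    if facility != "all" and fac != facility:
        return False
    # "Given priority level and higher" means an equal or lower numeric severity.
    return priority is None or SEVERITY[prio] <= SEVERITY[priority]


def forwarded(lines, filters):
    """Lines selected by at least one filter (assumed union); no filters sends all."""
    if not filters:
        return list(lines)
    return [msg for msg in lines if any(filter_matches(msg, *f) for f in filters)]


# Constructed sample messages (not captured from a real TNSR host).
SAMPLE = [
    "<86>Jun  1 10:00:00 tnsr sshd[901]: Accepted publickey for admin",  # authpriv.info
    "<82>Jun  1 10:00:05 tnsr sshd[902]: fatal: example condition",      # authpriv.crit
    "<4>Jun  1 10:00:09 tnsr kernel: example warning",                   # kern.warning
    "<30>Jun  1 10:00:12 tnsr systemd[1]: Started example unit",         # daemon.info
]
```

For instance, `forwarded(SAMPLE, [("all", "warning")])` keeps only the authpriv.crit and kern.warning lines, which is a quick way to check on the receiving server that a filter selects the messages expected.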
Remote Logging Example
The following example covers configuring TNSR to send all log data to a remote log server at 198.51.100.52 on UDP port 512 which is directly reachable from the host namespace.
The server configuration will vary by implementation and is out of scope for this basic example. At a minimum it must allow incoming log data from any source port on the IP address of the host management interface for this TNSR instance.
Warning
The rsyslogd daemon sends log messages from a randomized source port. Some log servers only accept log messages from a source port of 514 by default or they may route messages differently depending on the source port. Ensure the log server is configured to allow incoming log messages from any source port.
Starting from config mode, run the following commands to configure the example log server:
tnsr(config)# logging remote-server loghost
tnsr(config-log-remote)# address 198.51.100.52
tnsr(config-log-remote)# port 514
tnsr(config-log-remote)# transport-protocol udp
tnsr(config-log-remote)# exit
tnsr(config)#