Document toolboxDocument toolbox

(12.4-en_orig) Logging

This article shows the options to configure local and remote logging for the device in IGEL OS. 

You can use the System Log Viewer to access system logs. For more information, see (12.4-en_orig) System Log Viewer.

 


Menu path: System > Logging

 

 

Local logging

 The log messages are stored locally in /var/log. The format is human-readable. Log rotation is applied.

 The log messages are not stored locally.

 

Persistent log partition

This parameter is effective if Local logging is activated.

The log messages are stored in a persistent partition on the device. This partition is encrypted.

The log messages are stored in temporary files that are deleted on reboot.

 

Partition size in MB

Size of the persistent log partition

 

Remote mode

Possible options:

  • Server: The device receives log messages from a remote client.

  • Client: The device sends its log messages to a remote server.

  • Off: The device does not send or receive any log messages. (Default)

Remote Mode Switched to Server

You can configure the device to act as a syslog server. Other clients can send log files to this server; you can create a separate server configuration for each client.

 

Template for log file storage

Pattern from which the file path for storing the received log messages is created. For example, in /var/log/%HOSTNAME%/messages. %HOSTNAME% is the name of the sender which is configured under Name

 

To manage the Server list:

  • Click 

     to create a new entry.

  • Click 

     to remove the selected entry.

  • Click 

     to edit the selected entry.

  • Click 

     to copy the selected entry.

 

Clicking  brings up the Add dialogue, where you can define the following settings:

  • Local port

Port on which the local server listens for log messages

  • Transport protocol

Protocol to be used for the transmission of log messages
Possible options:

  •  

    • TCP (Default)

    • UDP

  • Name

Hostname of the sender (optional). This is useful for filtering the log messages based on the clients that have sent them.

  • Local address

Optional parameter; on multihomed machines (i. e. machines with multiple addresses), this specifies to which local address rsyslog is bound. If no address is specified it defaults to 0.0.0.0, so that rsyslog listens on every network interface. For more information, see the official documentation at https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html.

Remote Mode Switched to Client

You can configure one or more clients, e.g. one server for kernel messages and another server for authentication messages.

 

To manage the Clients list:

  • Click 

     to create a new entry.

  • Click 

     to remove the selected entry.

  • Click 

     to edit the selected entry.

  • Click 

     to copy the selected entry.

 

Clicking  brings up the Add dialogue, where you can define the following settings:

  • Remote address

IP address or hostname of the remote server

  • Remote port

Port on which the server listens for log messages

  • Transport protocol

Protocol to be used for the transmission of log messages
Possible options:

  •  

    • TCP (Default)

    • UDP

  • Syslog facility

Type of program for which log messages are created. (Default: Any)

  • Syslog level

Severity level of the event. (Default: Any)

  • Syslog style template

Format in which the messages are sent
Possible options:

  •  

    • RSYSLOG_TraditionalForwardFormat (Default)

    • RSYSLOG_ForwardFormat

    • RSYSLOG_SyslogProtocol23Format

    • RSYSLOG_StdJSONFmt

  • TLS enabled

 TLS encryption for the transmission of log messages is enabled.

Transmitted log messages are not encrypted. (Default)

  • CA certificate

Path to the local CA root certificate file in PEM format which is used to verify the authenticity of the X.509 certificate of your log collector and analyzer. If the UMS is used to transfer the certificate file to devices, the same path and file name as in the UMS must be entered. Example: /wfs/ca-certs/ca.pem
For more information, see Logging and Log Evaluation.