(12.4.2-en) Logging in IGEL OS 12
This article shows the options to configure local and remote logging for the device in IGEL OS.
You can use the System Log Viewer to access system logs. For more information, see (12.4.2-en) System Log Viewer in IGEL OS 12.
Menu path: System > Logging
Local logging
☑ The log messages are stored locally in /var/log. The format is human-readable. Log rotation is applied.
☐ The log messages are not stored locally.
Persistent log partition
This parameter is effective if Local logging is activated.
☑ The log messages are stored in a persistent partition on the device. This partition is encrypted.
☐ The log messages are stored in temporary files that are deleted on reboot.
Partition size in MB
Size of the persistent log partition
Remote mode
Possible options:
Server: The device receives log messages from a remote client.
Client: The device sends its log messages to a remote server.
Off: The device does not send or receive any log messages. (Default)
Remote Mode Switched to Server
You can configure the device to act as a syslog server. Other clients can send log files to this server; you can create a separate server configuration for each client.
Template for log file storage
Pattern from which the file path for storing the received log messages is created. For example, in /var/log/%HOSTNAME%/messages, %HOSTNAME% is the name of the sender which is configured under Name.
To manage the Server list:
Click to create a new entry.
Click to remove the selected entry.
Click to edit the selected entry.
Click to copy the selected entry.
Clicking brings up the Add dialogue, where you can define the following settings:
Local port
Port on which the local server listens for log messages
Transport protocol
Protocol to be used for the transmission of log messages
Possible options:
TCP (Default)
UDP
Name
Hostname of the sender (optional). This is useful for filtering the log messages based on the clients that have sent them.
Local address
Optional parameter; on multihomed machines (i.e., machines with multiple addresses), this specifies to which local address rsyslog is bound. If no address is specified, it defaults to 0.0.0.0, so that rsyslog listens on every network interface. For more information, see the official documentation at https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html.
Remote Mode Switched to Client
You can configure one or more client entries, e.g. one entry that sends kernel messages to one server and another entry that sends authentication messages to another server.
To manage the Clients list:
Click to create a new entry.
Click to remove the selected entry.
Click to edit the selected entry.
Click to copy the selected entry.
Clicking brings up the Add dialogue, where you can define the following settings:
Remote address
IP address or hostname of the remote server
Remote port
Port on which the server listens for log messages
Transport protocol
Protocol to be used for the transmission of log messages
Possible options:
TCP (Default)
UDP
Syslog facility
Type of program for which log messages are created. (Default: Any)
Syslog level
Severity level of the event. (Default: Any)
Syslog style template
Format in which the messages are sent
Possible options:
RSYSLOG_TraditionalForwardFormat (Default)
RSYSLOG_ForwardFormat
RSYSLOG_SyslogProtocol23Format
RSYSLOG_StdJSONFmt
TLS enabled
☑ TLS encryption for the transmission of log messages is enabled.
☐ Transmitted log messages are not encrypted. (Default)
CA certificate
Path to the local CA root certificate file in PEM format which is used to verify the authenticity of the X.509 certificate of your log collector and analyzer. If the UMS is used to transfer the certificate file to devices, the same path and file name as in the UMS must be entered. Example: /wfs/ca-certs/ca.pem
For more information, see https://igel-jira.atlassian.net/wiki/spaces/ENLITESECURITYP/pages/74821475.
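The following added example (not part of the IGEL documentation or product) shows what a log collector receives for each of the four Syslog style template options above and how the syslog facility and level are recovered from the PRI value. It assumes the field layout that rsyslog documents for these built-in templates; the function name parse, the host name tc-lab-01 and all sample lines are constructed for illustration.

```python
import json
import re

# Facility and severity names indexed by their RFC 5424 numeric codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI = re.compile(r"<(\d{1,3})>")
BSD = re.compile(r"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)
ISO = re.compile(r"(\d{4}-\d\d-\d\dT\S+) (\S+) (.*)", re.S)

def parse(line):
    """Return template name, sender host, facility, severity and message."""
    line = line.rstrip("\r\n")
    if line.startswith("{"):  # RSYSLOG_StdJSONFmt carries names, not a PRI value
        rec = json.loads(line)
        return {"template": "RSYSLOG_StdJSONFmt", "host": rec.get("fromhost"),
                "facility": rec.get("facility"), "severity": rec.get("priority"),
                "msg": rec.get("message")}
    m = PRI.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("missing or out-of-range PRI")
    pri, rest = int(m.group(1)), line[m.end():]
    out = {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7]}
    if rest.startswith("1 "):  # RFC 5424: version, time, host, app, procid, msgid
        parts = rest.split(" ", 6)
        if len(parts) < 7:
            raise ValueError("truncated RFC 5424 header")
        tail = parts[6]  # structured data followed by the message
        msg = tail[2:] if tail.startswith("- ") else tail  # "-" means no structured data
        return {**out, "template": "RSYSLOG_SyslogProtocol23Format",
                "host": parts[2], "app": parts[3], "msg": msg}
    for name, rx in (("RSYSLOG_ForwardFormat", ISO),
                     ("RSYSLOG_TraditionalForwardFormat", BSD)):
        m = rx.match(rest)
        if m:
            return {**out, "template": name, "host": m.group(2), "msg": m.group(3)}
    raise ValueError("unrecognised timestamp after PRI")

# Constructed sample lines, one per template (host and messages are made up).
SAMPLES = [
    "<38>Mar  4 10:15:02 tc-lab-01 sshd[812]: Failed password for root",
    "<38>2024-03-04T10:15:02.123456+01:00 tc-lab-01 sshd[812]: Failed password for root",
    "<38>1 2024-03-04T10:15:02.123456+01:00 tc-lab-01 sshd 812 - - Failed password for root",
    '{"message":"Failed password for root","fromhost":"tc-lab-01","facility":"auth",'
    '"priority":"info","timereported":"2024-03-04T10:15:02+01:00"}',
]
```

Only RSYSLOG_ForwardFormat, RSYSLOG_SyslogProtocol23Format and RSYSLOG_StdJSONFmt carry the year and time zone in the timestamp, which matters when correlating events from devices in different zones.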