
(12.4-en) Logging in IGEL OS 12

This article shows the options to configure local and remote logging for the device in IGEL OS. 

You can use the System Log Viewer to access system logs. For more information, see (12.4-en) System Log Viewer in IGEL OS 12.


Menu path: System > Logging

 

 

Local logging

☑ The log messages are stored locally in /var/log. The format is human-readable. Log rotation is applied.

☐ The log messages are not stored locally.

 

Persistent log partition

This parameter is effective if Local logging is activated.

☑ The log messages are stored in a persistent partition on the device. This partition is encrypted.

☐ The log messages are stored in temporary files that are deleted on reboot.

Partition size in MB

Size of the persistent log partition

 

Remote mode

Possible options:

  • Server: The device receives log messages from a remote client.

  • Client: The device sends its log messages to a remote server.

  • Off: The device does not send or receive any log messages. (Default)

Remote Mode Switched to Server

You can configure the device to act as a syslog server. Other clients can send log files to this server; you can create a separate server configuration for each client.

 

Template for log file storage

Pattern from which the file path for storing the received log messages is created, for example /var/log/%HOSTNAME%/messages. %HOSTNAME% is the name of the sender, which is configured under Name.

 

To manage the Server list:

  • Click the add icon to create a new entry.

  • Click the remove icon to remove the selected entry.

  • Click the edit icon to edit the selected entry.

  • Click the copy icon to copy the selected entry.

 

Clicking the add icon brings up the Add dialogue, where you can define the following settings:

 

  • Local port
    Port on which the local server listens for log messages

  • Transport protocol
    Protocol to be used for the transmission of log messages
    Possible options:

    • TCP (Default)

    • UDP

  • Name
    Hostname of the sender (optional). This is useful for filtering the log messages based on the clients that have sent them.

  • Local address
    Optional parameter; on multihomed machines (i.e. machines with multiple addresses), this specifies the local address to which rsyslog is bound. If no address is specified, it defaults to 0.0.0.0, so that rsyslog listens on every network interface. For more information, see the official documentation at https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html.

Remote Mode Switched to Client

You can configure one or more client entries, e.g. one that sends kernel messages to one server and another that sends authentication messages to a different server.

To manage the Clients list:

  • Click the add icon to create a new entry.

  • Click the remove icon to remove the selected entry.

  • Click the edit icon to edit the selected entry.

  • Click the copy icon to copy the selected entry.

 

Clicking the add icon brings up the Add dialogue, where you can define the following settings:

 

  • Remote address
    IP address or hostname of the remote server

  • Remote port
    Port on which the server listens for log messages

  • Transport protocol
    Protocol to be used for the transmission of log messages
    Possible options:

    • TCP (Default)

    • UDP

  • Syslog facility
    Type of program for which log messages are created. (Default: Any)

  • Syslog level
    Severity level of the event. (Default: Any)

  • Syslog style template
    Format in which the messages are sent
    Possible options:

    • RSYSLOG_TraditionalForwardFormat (Default)

    • RSYSLOG_ForwardFormat

    • RSYSLOG_SyslogProtocol23Format

    • RSYSLOG_StdJSONFmt

  • TLS enabled
    ☑ TLS encryption for the transmission of log messages is enabled.
    ☐ Transmitted log messages are not encrypted. (Default)

  • CA certificate
    Path to the local CA root certificate file in PEM format which is used to verify the authenticity of the X.509 certificate of your log collector and analyzer. If the UMS is used to transfer the certificate file to devices, the same path and file name as in the UMS must be entered. Example: /wfs/ca-certs/ca.pem
    For more information, see https://igel-jira.atlassian.net/wiki/spaces/ENLITESECURITYP/pages/74821475.
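
To confirm on the log collector which Syslog style template, facility and level a device is actually sending, the following added example (not part of the IGEL documentation and not IGEL or rsyslog code) classifies a received line and decodes its PRI value. It assumes the line layouts of rsyslog's built-in templates of the same names; the hostname igel-tc01 and the sample lines are constructed, and RSYSLOG_StdJSONFmt is left out because it is JSON rather than a PRI-prefixed line.

```python
import re

# Facility and severity names indexed by their numeric syslog codes (RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI = r"<(?P<pri>\d{1,3})>"
RFC3339 = r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d)"
BSD_TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
REST = r" (?P<host>\S+) (?P<tag>\S+) *(?P<msg>.*)"

# Most specific layout first. Structured data is matched loosely ("-" or
# bracketed elements), which is enough to tell the layouts apart.
LAYOUTS = [
    ("RSYSLOG_SyslogProtocol23Format", re.compile(
        PRI + "1 " + RFC3339 + r" (?P<host>\S+) (?P<tag>\S+) \S+ \S+ "
        r"(?:-|(?:\[.*?\])+) *(?P<msg>.*)")),
    ("RSYSLOG_ForwardFormat", re.compile(PRI + RFC3339 + REST)),
    ("RSYSLOG_TraditionalForwardFormat", re.compile(PRI + BSD_TS + REST)),
]

def parse_forwarded(line):
    """Classify one received line; return None if no layout matches or PRI is invalid."""
    for template, rx in LAYOUTS:
        m = rx.fullmatch(line.rstrip("\r\n"))
        if m is None:
            continue
        pri = int(m["pri"])
        if pri > 191:          # 23 * 8 + 7 is the largest defined PRI value
            return None
        return {"template": template, "facility": FACILITIES[pri >> 3],
                "severity": SEVERITIES[pri & 7], "host": m["host"],
                "tag": m["tag"].rstrip(":"), "msg": m["msg"]}
    return None

# Constructed sample lines, one per PRI-bearing style template.
SAMPLES = [
    "<86>Jul 16 11:20:52 igel-tc01 sshd[812]: Failed password for invalid user admin",
    "<6>2024-07-16T11:20:53.004211+02:00 igel-tc01 kernel: usb 1-2: new high-speed USB device",
    "<38>1 2024-07-16T11:20:54.123456+02:00 igel-tc01 sshd 812 - - Accepted publickey for user1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_forwarded(sample))
```

A line that returns None on the collector points to a style template mismatch between the client entry and what the collector expects, or to a sender that is not speaking syslog at all.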