Syslog
You can configure the gateway to send all logs to a remote syslog server for centralized monitoring.
To enable syslog forwarding, you need to create an ansible override file:
Note
The included syslog template supports only basic rsyslog functionality. If you need a more advanced setup, skip this section and create your own rsyslog configuration file in /etc/rsyslog.d/.
Create the following file using the Cockpit File Browser (or use an SSH client):
/etc/ciphermail/ansible/group_vars/all/syslog.yml
Paste the following configuration:
---
# The hostname or IP address of the syslog server that log messages should be
# sent to. Leaving this empty disables the remote logging functionality.
ciphermail_appliance__syslog_server: <hostname-or-ip>

# The transport protocol used to deliver the log messages to the syslog server,
# either 'tcp' or 'udp'.
ciphermail_appliance__syslog_protocol: 'tcp'

# The transport protocol port number of the syslog server.
ciphermail_appliance__syslog_port: '{{ 6514 if ciphermail_appliance__syslog_tls else 514 }}'

# Boolean, whether to secure syslog traffic with TLS. Please ensure your syslog
# server meets (and continues to meet) these requirements before enabling this:
# - TLS is enabled (requires TCP transport).
# - TLS certificate chains up to a CA certificate that is trusted by the
#   inventory host (see ciphermail_appliance__additional_ca_certificates).
# - All intermediate certificates are sent by the server.
# - All certificates are valid (not expired, meeting nameConstraints, etc).
# - Server certificate is valid for the hostname specified in
#   ciphermail_appliance__syslog_server.
ciphermail_appliance__syslog_tls: false

# The syslog selector used when sending log messages to the syslog server.
ciphermail_appliance__syslog_selector: '*.*'

# Specifies the interval in seconds onto which rate-limiting is to be applied.
# If more than ratelimit.burst messages are read during that interval, further
# messages up to the end of the interval are discarded.
ciphermail_appliance__syslog_rate_limit_interval: '60'
Replace <hostname-or-ip> with the hostname or IP address of the remote syslog server. Change the other parameters when required.
Hint
All the above settings use their default values except the syslog server setting (ciphermail_appliance__syslog_server). If you are happy with a default value, you can omit that line and only specify a line when you want to change the value.
Log in to the shell using Cockpit Terminal (or use an SSH client)
Run the Ansible playbook:
sudo cm-run-playbook
Hint
The sudo command might ask for your Unix account password.
After applying the configuration, the rsyslog configuration file at /etc/rsyslog.d/ciphermail.conf contains the updated settings, and log messages are forwarded to the remote syslog server.
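With the default ciphermail_appliance__syslog_tls: false, log messages reach the syslog server unencrypted. The following pre-flight check is an added example, not part of the CipherMail documentation or tooling: it tests the TLS requirements listed in the configuration comments (trusted chain, intermediates sent, valid certificates, hostname match) before you set the option to true. It assumes python3 is available on the gateway and that the CA is in the system trust store or passed as a file; the function names are hypothetical.

```python
import socket
import ssl


def effective_port(tls, port=None):
    """Mirror the template default: 6514 with TLS, 514 without."""
    return port if port is not None else (6514 if tls else 514)


def strict_context(cafile=None):
    """TLS client context that enforces chain and hostname verification."""
    # cafile=None uses the system trust store (assumption: the CA is in it).
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check_syslog_tls(server, port=None, cafile=None, timeout=5.0):
    """Return (ok, detail) for a verified TLS handshake with the syslog server.

    'server' must be the exact value planned for
    ciphermail_appliance__syslog_server, because the certificate is
    matched against that name.
    """
    port = effective_port(True, port)
    ctx = strict_context(cafile)
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                cert = tls.getpeercert()
                return True, f"{tls.version()}, valid until {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        # Untrusted CA, missing intermediate, expired or wrong hostname.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        # Refused connection, timeout, or a listener that does not speak TLS.
        return False, f"connection or handshake failed: {exc}"


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: check_syslog_tls.py <hostname-or-ip>")
    ok, detail = check_syslog_tls(sys.argv[1])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Because the requirements must continue to hold after TLS is enabled, the same check can be rerun periodically to catch an expiring or replaced server certificate.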