Syslog Pro/Ent only

You can configure the gateway to send all logs to a remote syslog server for centralized monitoring.

To enable syslog forwarding, you need to create an Ansible override file:

Note

The included syslog template supports only basic rsyslog functionality. If you need a more advanced setup, skip this section and create your own rsyslog configuration file in /etc/rsyslog.d/.

  1. Create the file using the Cockpit File Browser (or use an SSH client)

    /etc/ciphermail/ansible/group_vars/all/syslog.yml

    Paste the following configuration:

    ---
    # The hostname or IP address of the syslog server that log messages should be
    # sent to. Leaving this empty disables the remote logging functionality.
    ciphermail_appliance__syslog_server: <hostname-or-ip>
    
    # The transport protocol used to deliver the log messages to the syslog server,
    # either 'tcp' or 'udp'.
    ciphermail_appliance__syslog_protocol: 'tcp'
    
    # The transport protocol port number of the syslog server.
    ciphermail_appliance__syslog_port: '{{ 6514 if ciphermail_appliance__syslog_tls else 514 }}'
    
    # Boolean, whether to secure syslog traffic with TLS. Please ensure your syslog
    # server meets (and continues to meet) these requirements before enabling this:
    # - TLS is enabled (requires TCP transport).
    # - TLS certificate chains up to a CA certificate that is trusted by the
    #   inventory host (see ciphermail_appliance__additional_ca_certificates).
    # - All intermediate certificates are sent by the server.
    # - All certificates are valid (not expired, meeting nameConstraints, etc).
    # - Server certificate is valid for the hostname specified in
    #   ciphermail_appliance__syslog_server.
    ciphermail_appliance__syslog_tls: false
    
    # The syslog selector used when sending log messages to the syslog server.
    ciphermail_appliance__syslog_selector: '*.*'
    
    # Specifies the interval in seconds over which rate-limiting is applied.
    # If more than ratelimit.burst messages are read during that interval,
    # further messages up to the end of the interval are discarded.
    ciphermail_appliance__syslog_rate_limit_interval: '60'
    

    Replace <hostname-or-ip> with the hostname or IP address of the remote syslog server. Change the other parameters as required.

    Hint

    All the above settings use their default values except the syslog server setting (ciphermail_appliance__syslog_server). If you are happy with a default value, you can omit that line and only specify a line when you want to change the value.

  2. Log in to the shell using Cockpit Terminal (or use an SSH client)

  3. Run the Ansible playbook

    sudo cm-run-playbook
    

    Hint

    The sudo command might ask for your Unix account password.

After applying the configuration, the rsyslog configuration file at /etc/rsyslog.d/ciphermail.conf contains the updated settings, and log messages are forwarded to the remote syslog server.
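The TLS requirements listed in the comments of syslog.yml can be checked before setting ciphermail_appliance__syslog_tls to true. The following is an added example, not part of the CipherMail documentation or tooling: it validates the override values and then performs a strict TLS handshake against the syslog server. The function names are hypothetical, and the trust store used (Python's system default, or the CA file you pass in) is an assumption that may differ from what rsyslog on the gateway trusts.

```python
import socket
import ssl

PREFIX = "ciphermail_appliance__syslog_"  # variable prefix used in syslog.yml

def effective_port(settings):
    """Port the default template resolves to: 6514 with TLS, otherwise 514."""
    port = settings.get(PREFIX + "port")
    if port is None or "{{" in str(port):  # unset, or the default Jinja expression
        return 6514 if settings.get(PREFIX + "tls", False) else 514
    return int(port)

def static_checks(settings):
    """Problems that can be found without touching the network."""
    problems = []
    server = str(settings.get(PREFIX + "server") or "")
    if not server or server.startswith("<"):
        problems.append("syslog_server is empty or still the placeholder")
    protocol = settings.get(PREFIX + "protocol", "tcp")
    if protocol not in ("tcp", "udp"):
        problems.append("syslog_protocol must be 'tcp' or 'udp'")
    if settings.get(PREFIX + "tls", False) and protocol != "tcp":
        problems.append("syslog_tls requires TCP transport")
    return problems

def probe_tls(server, port, cafile=None, timeout=5.0):
    """Strict client handshake: chain, validity and hostname are verified."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "connection or handshake failed: %s" % exc

def preflight(settings, cafile=None):
    """Return a list of problems; an empty list means no problem was found."""
    problems = static_checks(settings)
    if problems or not settings.get(PREFIX + "tls", False):
        return problems  # nothing to probe without TLS
    ok, detail = probe_tls(settings[PREFIX + "server"], effective_port(settings), cafile)
    return [] if ok else [detail]

if __name__ == "__main__":
    # Constructed sample: TLS requested over UDP, which the requirements rule out.
    sample = {PREFIX + "server": "logs.example.internal",
              PREFIX + "protocol": "udp", PREFIX + "tls": True}
    print(preflight(sample))
```

A handshake that fails here on an untrusted chain, a missing intermediate, an expired certificate or a hostname mismatch points at the same requirement the syslog server has to meet for TLS forwarding.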