How to configure Remote Syslog (4380059)

This article outlines how to enable and configure Secure Remote Logging in the KACE Systems Management Appliance.

Enabling remote syslog-ng or rsyslog allows you to send server log data to a remote syslog-ng or rsyslog server.

Steps to enable Secure Remote Logging:

1. In Admin or System UI (Multi ORG system) navigate to Settings | Control Panel | Security Settings and select Security Options tab. 
2. Check the option "Enable Secure Remote Logging"
3. Specify server IP and port for the remote syslog-ng or rsyslog. The Default port is 6514.

Steps to configure Secure Remote Logging:

• Ensure the server has syslog-ng or rsyslog enabled.
• Download the server certificates and upload them to the machine.
• Configure the logging service. 
  
  For syslog-ng remote server
  - Locate and open the syslog-ng.conf file, then add the following configuration at the end of the file. Make sure to update the paths to the server key and certificate as needed.
  

  source tls_source {
      tcp(
          ip(0.0.0.0)
          port(6514)
          tls(
              key_file("/path/to/serverkey.pem")
              cert_file("/path/to/servercert.pem")
              peer-verify(optional-untrusted)
          )
      );
  };
  log { source(tls_source); destination(messages); };
  
  
  
  

  -Restart syslog-ng service.

  
  For rsyslog remote server:
  - Upgrade to the latest version [below config works with v8.2504.0]: 
     >sudo apt-get upgrade rsyslog
  - Add package:
   >sudo apt-get install rsyslog-gnutis
  - Locate and open the rsyslog.conf file, then add the following configuration at the end of the file

    global(
          defaultNetstreamDriver="gtls"
          defaultNetstreamDriverCertFile="/path/to/servercert.pem"
          defaultNetstreamDriverKeyFile="/path/to/serverkey.pem"
    )
    module(load="imtcp")
    input(type="imtcp" port"6514" StreamDriver.Name="gtls" StreamDriver.Mode="1" StreamDriver.AuthMode="anon")

            Restart rsyslog service

• Navigate to SMA (Systems Management Appliance) System or Admin) UI | Security Settings and click the test button to test the server configuration. 

  Note: The servercert.pem and serverkey.pem files are generated by the SMA and can be downloaded from the Security Settings page.
  The server key file is used to authenticate the server, while the server certificate file is used to encrypt the connection between the SMA and the remote syslog server.
  Please update the configuration file names servercert.pem and serverkey.pem with the actual file names you downloaded from the SMA.