Syslog

You can configure logging with a generic syslog backend such as an rsyslog server or a Logstash server. IBM Confidential Computing Containers uses TLS with mutual authentication to connect to the logging backend.

Note: It is recommended to use Syslog as the primary logging service, although the IBM Cloud Logs service is also supported.

Find the following information to configure logging:

  • Syslog hostname
  • Optional port. It defaults to 514
  • Certificate Authority (CA) - the certificate is used to verify the certificate chain for both client and server authentication.
    Note: The same CA has to be used for both the client and server certificates.
  • Client certificate - signed by the CA and used to authenticate the client to the server
  • Client key - private key used by the IBM Confidential Computing Containers Peerpod VM to establish trust

Fill in the following parts of the contract with this information. The certificates and the key have to be in PEM format.

type: env
logging:
  syslog:
    hostname: ${HOSTNAME}
    port: 514
    server: ${CA}
    cert: ${CLIENT_CERTIFICATE}
    key: ${CLIENT_PRIVATE_KEY}

Make sure to use a strong digest algorithm for the certificates, otherwise the syslog server might reject the certificates.
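
The following pre-flight check is an added example, not part of the original documentation. It checks the three files before their contents go into the contract: PEM encoding, a client certificate that verifies against the CA, a key that matches the certificate, and no weak digest. The function names are hypothetical, and treating MD5 and SHA-1 as weak is this example's assumption, since the page does not name specific algorithms.

```bash
# Added example: pre-flight checks for the values that go into logging.syslog.
# Function names are hypothetical; treating MD5 and SHA-1 as weak is an assumption.

# Exit status 0 if the signature algorithm name uses a weak digest.
is_weak_sigalg() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    *md5*|*sha1*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sigalg() {
  openssl x509 -in "$1" -noout -text |
    awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Usage: check_syslog_certs CA_PEM CLIENT_CERT_PEM CLIENT_KEY_PEM
check_syslog_certs() {
  local ca="$1" cert="$2" key="$3" rc=0 f alg
  # 1. Every input must be PEM-encoded and parse cleanly.
  for f in "$ca" "$cert"; do
    { grep -qs -e '-----BEGIN CERTIFICATE-----' "$f" &&
      openssl x509 -in "$f" -noout 2>/dev/null; } ||
      { echo "not a PEM certificate: $f" >&2; rc=1; }
  done
  { grep -qs -e 'PRIVATE KEY-----' "$key" &&
    openssl pkey -in "$key" -noout 2>/dev/null; } ||
    { echo "not a PEM private key: $key" >&2; rc=1; }
  [ "$rc" -eq 0 ] || return 1
  # 2. The client certificate must chain to the CA given in the contract.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "client certificate does not verify against the CA" >&2; rc=1; }
  # 3. The private key must belong to the client certificate.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout)" ] ||
    { echo "client key does not match the client certificate" >&2; rc=1; }
  # 4. Neither certificate may be signed with a weak digest.
  for f in "$ca" "$cert"; do
    alg=$(cert_sigalg "$f")
    if is_weak_sigalg "$alg"; then echo "weak digest in $f: $alg" >&2; rc=1; fi
  done
  return "$rc"
}
```
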

Example

Use the following procedure to create the required certificates and keys.

The example uses openssl and shows bash syntax.