Forwarding logs to a remote server
Learn how to configure sending system log events from IBM® Cloud Pak for Data System control nodes to a remote log server with the apsyslog utility.
apsyslog changes the configuration file on the rsyslog server and all the connected control nodes. As a result, all configured messages are passed to rsyslogd and then the required messages are redirected to the log servers.
Before you begin
- The feature can be configured only on IBM Cloud Pak for Data System control nodes that have the external IP configured.
- You must enable the remote logging server to accept the forwarded messages from the control nodes.
- You must enable the control nodes before configuring any forwarding rule.
- For audit log redirection, the utility configures the file /etc/audisp/plugins.d/syslog.conf and defines the audit forwarding rule in rsyslog.conf. The valid audit log facility options are LOG_LOCAL0 through LOG_LOCAL7.
  In file /etc/audisp/plugins.d/syslog.conf:
    active = yes
    direction = out
    path = builtin_syslog
    type = builtin
    args = LOG_LOCAL7 #default value as per scripts
    format = string
  Corresponding entry in rsyslog.conf:
    Local7.* @@<RemoteServerIP:Port>
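A consistency check for the two files described above, as an added example that is not part of the original page or of IBM's tooling: it confirms that the facility set in /etc/audisp/plugins.d/syslog.conf has a matching forwarding rule in rsyslog.conf that uses the @@ form. The function names, the sample file contents and the target 192.0.2.10:514 are assumptions constructed for illustration.

```python
import re

# Constructed sample file contents; 192.0.2.10 is a documentation-range address.
AUDISP_SAMPLE = """active = yes
direction = out
path = builtin_syslog
type = builtin
args = LOG_LOCAL7
format = string
"""
RSYSLOG_SAMPLE = """auth.alert @@192.0.2.10:514
Local7.* @@192.0.2.10:514
"""

# facility.priority, then @ (UDP) or @@ (TCP), then the forwarding target
RULE = re.compile(r"^\s*([\w,*]+)\.(\S+)\s+(@@?)(\S+)\s*$")

def audit_facility(audisp_text):
    """Return 'localN' if the plugin is active with a LOG_LOCAL0-7 facility, else None."""
    conf = {}
    for line in audisp_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip().lower()] = value.strip()
    match = re.search(r"\bLOG_LOCAL([0-7])\b", conf.get("args", ""))
    if conf.get("active", "").lower() != "yes" or not match:
        return None
    return "local" + match.group(1)

def check_audit_forwarding(audisp_text, rsyslog_text):
    """Return a list of findings; an empty list means the two files agree."""
    facility = audit_facility(audisp_text)
    if facility is None:
        return ["audisp plugin inactive or args is not LOG_LOCAL0..LOG_LOCAL7"]
    findings, targets = [], []
    for line in rsyslog_text.splitlines():
        rule = RULE.match(line.split("#", 1)[0])
        if rule and rule.group(1).lower() == facility:
            targets.append(rule.group(4))
            if rule.group(3) == "@":
                findings.append(f"{facility} rule for {rule.group(4)} uses @ (UDP) instead of @@ (TCP)")
    if not targets:
        findings.append(f"no forwarding rule for {facility} in rsyslog.conf")
    return findings

if __name__ == "__main__":
    print(check_audit_forwarding(AUDISP_SAMPLE, RSYSLOG_SAMPLE) or "audit forwarding is consistent")
```

On a control node, pass the contents of the two real files instead of the samples; a non-empty result means audit events tagged with the configured facility are not being forwarded as the page describes.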
About this task
Command syntax:
apsyslog <operation> --server <RemoteServerIP:port> --nodes <all | e1n1,e2n1> --mode <append|overwrite>
The following operations are available:
- apsyslog enable --server <RemoteServerIP:port> --nodes <all | e1n1,e2n1>
- Enables the feature on the selected control nodes.
- apsyslog show --nodes <all | e1n1,e2n1>
- Shows the list of configured forwarding rules for the selected control nodes.
- apsyslog unset --fwdRule <facility.priority> --nodes <all | e1n1,e2n1>
- Deletes the existing forwarding rules on the selected nodes.
- apsyslog set --diskSpace <2g> --nodes <all | e1n1,e2n1>
- Sets the disk space limit on the selected control nodes.
- apsyslog set --retryCount <5> --nodes <all | e1n1,e2n1>
- Sets the retry count if the remote logging server is unreachable.
- apsyslog disable --nodes <all | e1n1,e2n1>
- Restores the rsyslog and syslog config files on the enabled control nodes.
Optional arguments:
- -h, --help
- Shows this help message and exits.
- --server <RemoteServerIP:Port>
- Remote server logging details.
- --fwdRule <facility.priority>
- Specify the unique forwarding rule that you want to define for the nodes. Each forwarding rule
consists of a pair of the following parameters:
- Facility
- The facility is used to specify what type of program is generating the message. The Syslog
daemon can then be configured to handle messages from different sources differently. Examples:
auth/authpriv, cron, daemon, kern, local0 – local7, lpr, mail, news, syslog, user, uucp
- Priority
- The priority, or level, of a message is intended to determine the importance of a message. Examples:
emerg, alert, crit, err, warning, notice, info, debug
Example forwarding rules: auth.alert, cron.err
- --nodes <all | e1n1,e2n1>
- List of control nodes to be configured. Use comma (,) to separate the nodes.
- --diskSpace <1g>
- Disk space limit for the queue. The default value is 1g.
- --retryCount <n>
- The number of retries if the remote logging server is unreachable. The default value is 1.
- --mode <append|overwrite>
- Specifies whether the newly configured rule is to be appended or overwritten. The default value
is append.
- In the append mode, the utility adds the new rule to the existing forwarding rules.
- In the overwrite mode, the utility overwrites the existing forwarding rules with the new rule.
- In the