Logging
Menu path: Setup > System > Logging
Here you can configure local and remote logging for the device.
Local logging
☑ The log messages are stored locally in /var/log
. The format is human-readable. Log rotation is applied.
☐ The log messages are not stored locally.
Persistent log partition: This parameter is effective only when Local logging is activated.
☑ The log messages are stored in a persistent partition on the device. This partition is encrypted.
☐ The log messages are stored in temporary files that are deleted on reboot.
Partition size in MB: Size of the persistent log partition
Remote mode
Possible options:
"Server": The device receives log messages from a remote client.
"Client": The device sends its log messages to a remote server.
"Off": The device does not send or receive any log messages.
Remote Mode Switched to "Server"
You can configure the device to act as a syslog server. One or more other clients can send log files to this server; you can create a separate server configuration for each client.
Template for log file storage: Pattern from which the file path for storing the received log messages is created. %HOSTNAME%
is the name of the sender which is configured under Name.
Server: A syslog server can be added by clicking .
Local port: Port on which the local server listens for log messages
Transport protocol: Protocol to be used for the transmission of log messages
Name: Hostname of the sender (optional). This is useful for filtering the log messages based on the clients that have sent them.
Local address: Optional parameter; on multihomed machines (i. e. machines with multiple addresses), this specifies to which local address rsyslog is bound. If no address is specified it defaults to 0.0.0.0
, so that rsyslog listens on every network interface. For more information, see the official documentation at https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html .
Remote Mode Switched to "Client"
You can configure one or more clients, e.g. one server for kernel messages and another server for authentication messages.
Clients: A client can be added by clicking .
Remote address: IP address or hostname of the remote server
Remote port: Port on which the server listens for log messages
Transport protocol: Protocol to be used for the transmission of log messages
Syslog facility: Type of program for which log messages are created
Syslog level: Severity level of the event
Syslog style template: Format in which the messages are sent
TLS enabled
☑ TLS encryption for the transmission of log messages is enabled.
☐ Transmitted log messages are not encrypted.
CA certificate: Path to the local CA root certificate file in PEM format which is used to verify the authenticity of the X.509 certificate of your log collector and analyzer. If the UMS is used to transfer the certificate file to devices (see Security & Safety > BSI Grundschutz > Anleitung zum IT-Grundschutz-konformen Betrieb von IGEL OS 11.03.100 > Logging and Log Evaluation), the same path and file name as in the UMS must be entered. Example: /wfs/ca-certs/ca.pem