Forwarding Log Files to an External Linux Server


 

Informational Note:  Only one external server is supported by ONE.

You can forward log files to an external Linux server and encrypt them in transit using Transport Layer Security (TLS) over Transmission Control Protocol (TCP). The admin-syslog-create command accepts a new parameter, transport tcp-tls|udp, to add TLS encryption, and you can specify a port number for TCP.

CLI network-admin@@Leaf1>admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514

 

You can create TLS certificates using the following command:

CLI network-admin@@Leaf1>syslog-tls-cert-request-create country US state CA city Palo Alto organization QA organizational-unit engineering common-name pluribusnetworks.com

 

This command creates a Certificate Signing Request (CSR) and places it in the /sftp/export directory used by Netvisor OS. You must copy the CSR to the CA server and sign it.

To import the signed certificate to Netvisor OS, you must copy the certificate and the ca.pem file to the /sftp/import directory in Netvisor OS. Then use the following command to import the files:

CLI network-admin@@Leaf1>syslog-tls-cert-import file-ca ca.pem file-cert my-cert.pem
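
One way to carry out the signing step and confirm the result before copying my-cert.pem and ca.pem to /sftp/import, as an added example that is not part of the Netvisor documentation. It assumes the CA server uses OpenSSL; ca.key and switch.csr are assumed file names for the CA private key and the exported CSR.

```shell
#!/bin/sh
# Added example (assumes an OpenSSL-based CA); run on the CA server.
# ca.pem and my-cert.pem are the names used on this page; ca.key and
# switch.csr are assumed names for the CA private key and the exported CSR.

# sign_csr CSR CA_CERT CA_KEY OUT_CERT [DAYS]
# Issues OUT_CERT from the CSR. -CAcreateserial writes a serial file
# next to CA_CERT the first time it runs.
sign_csr() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -out "$4" -days "${5:-365}" -sha256
}

# pubkey_hash req|x509 FILE
# Prints a digest of the public key held in a CSR (req) or certificate (x509).
pubkey_hash() {
    openssl "$1" -in "$2" -noout -pubkey | openssl sha256
}

# check_signed_cert CSR CERT CA_CERT
# Returns 0 only if CERT verifies against CA_CERT (signature and validity
# period) and carries the same public key as the CSR.
# Returns 1 on a verification failure, 2 on a key mismatch.
check_signed_cert() {
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || {
        echo "FAIL: $2 does not verify against $3" >&2; return 1; }
    [ "$(pubkey_hash req "$1")" = "$(pubkey_hash x509 "$2")" ] || {
        echo "FAIL: $2 was not issued for the key in $1" >&2; return 2; }
    # Show the fields to compare with the values given in the CSR request.
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}

# Stand-alone use: sh sign-and-check.sh switch.csr ca.pem ca.key
if [ "$#" -eq 3 ]; then
    sign_csr "$1" "$2" "$3" my-cert.pem &&
        check_signed_cert "$1" my-cert.pem "$2"
fi
```

A non-zero return from check_signed_cert means the pair of files would not give the switch a usable identity for the tcp-tls transport, so resolve it on the CA server before running syslog-tls-cert-import.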

 

To enable TLS-TCP logging export, use the following syntax:

CLI network-admin@@Leaf1>admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514

To display the export information, use the admin-syslog-show command:

CLI network-admin@@Leaf1>admin-syslog-show

switch     name      scope    host         port     transport      message-format
-------    --------  ------   -----------  -----    ---------      --------------
leaf-pst-1 MYTLS     local    172.21.16.33 10514    tcp-tls        legacy

 

Other new commands

syslog-tls-cert-clear               Clears the certificates

syslog-tls-cert-request-show        Displays the certificate information

syslog-tls-cert-show                Displays syslog TLS import certificate config