Forwarding Log Files to an External Linux Server
Note: Netvisor ONE supports only one external server for TCP-TLS export. The UDP syslog export can be done to more than one server.
You can forward log files to an external Linux server and encrypt them using Transport Layer Security (TLS) over Transmission Control Protocol (TCP).
Use the admin-syslog-create command to configure log export over TCP-TLS. Perform the following steps to configure the export:
CLI (network-admin@Leaf1) > admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514
You can create TLS certificates using the following command:
CLI (network-admin@Leaf1) > syslog-tls-cert-request-create country US state CA city Palo Alto organization QA organizational-unit engineering common-name pluribusnetworks.com
This command creates a Certificate Signing Request (CSR) and places it in the directory /sftp/export used by Netvisor ONE. You must copy the CSR to the CA server and sign it.
To import the signed certificate to Netvisor ONE, you must copy the certificate and the ca.pem file to the /sftp/import directory in Netvisor ONE.
Use the following command to import the files:
CLI (network-admin@Leaf1) > syslog-tls-cert-import file-ca ca.pem file-cert my-cert.pem
To enable TCP-TLS logging export, use the following syntax:
CLI (network-admin@Leaf1) > admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514
To display the export information, use the admin-syslog-show command:
CLI (network-admin@Leaf1) > admin-syslog-show
switch     name  scope host         port  transport message-format
---------- ----- ----- ------------ ----- --------- --------------
leaf-pst-1 MYTLS local 172.21.16.33 10514 tcp-tls   legacy
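The CA-side step of the procedure above (signing the CSR, then checking the result before copying it to /sftp/import), as an added example that is not part of the Netvisor ONE documentation. It assumes the CA server uses the openssl command line; the file names switch.csr and ca-key.pem and all function names are hypothetical, and the CA and CSR it generates are constructed stand-ins so the script runs on its own.

```shell
#!/bin/sh
# Added example: CA-side signing of the switch CSR, then checks before import.
# ca.pem and my-cert.pem match the import command; every other name is assumed.

# sign_csr CSR CA_CERT CA_KEY OUT_CERT [DAYS]
sign_csr() {
    # Reject a CSR whose self-signature fails (corrupted or altered in transit).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -sha256 -days "${5:-365}" -out "$4" >/dev/null 2>&1
}

# check_for_import CA_CERT CERT CSR
# Passes only if CERT chains to CA_CERT and carries the public key from CSR,
# i.e. it is the certificate for the key pair the switch generated.
check_for_import() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_key=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    csr_key=$(openssl req -in "$3" -noout -pubkey | openssl sha256)
    [ "$cert_key" = "$csr_key" ]
}

# make_ca DIR NAME: constructed throwaway CA (DIR/NAME.pem, DIR/NAME-key.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2-key.pem" -out "$1/$2.pem" >/dev/null 2>&1
}

# make_csr DIR: constructed stand-in for the CSR the switch places in /sftp/export.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/switch-key.pem" \
        -subj "/C=US/ST=CA/L=Palo Alto/O=QA/OU=engineering/CN=pluribusnetworks.com" \
        -out "$1/switch.csr" >/dev/null 2>&1
}

# demo: run the whole CA-side flow in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca && make_csr "$d" &&
        sign_csr "$d/switch.csr" "$d/ca.pem" "$d/ca-key.pem" "$d/my-cert.pem" &&
        check_for_import "$d/ca.pem" "$d/my-cert.pem" "$d/switch.csr"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "my-cert.pem verified against ca.pem; ready to copy to /sftp/import"
```

A certificate that fails check_for_import was either signed by a different CA than the ca.pem being imported or issued for a different key than the one in the CSR.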
Other new commands
syslog-tls-cert-clear          Clears the certificates
syslog-tls-cert-request-show   Displays the certificate information
syslog-tls-cert-show           Displays the syslog TLS import certificate configuration