Forwarding Logs to an External System
Syslog forwarding enables you to forward system, command, and event logs to an external monitoring system. You configure syslog forwarding per event broker service in Cluster Manager. Syslog forwarding supports UDP, TCP, and TLS protocols but does not support HTTP proxies. TLS is the recommended protocol for encrypted communication. UDP and TCP do not provide encryption and should be used only when insecure log traffic is acceptable for your use case. Syslog forwarding allows you to:
-
configure and forward system, command, and event logs to an external target server of your choice. The host and port of the target server must be reachable from the cloud hosts for the event broker service.
-
manage and monitor your event broker service logs using a monitoring system that you maintain and service.
-
host the log monitoring system anywhere that permits you to manage and monitor event broker service logs.
Syslog forwarding can forward logs to a maximum of three target servers. You must configure an external monitoring system to set up notifications; Mission Control does not generate alerts or notifications. For example, you could host your external log monitoring on an AWS or Splunk instance, where you can set up the syslog event collection, processing, and alerting. For information about using syslog forwarding, see:
- Considerations for Using Syslog Forwarding
- Enabling Syslog Forwarding and Adding Target Servers
- Modifying Syslog Forwarding
- Disabling Syslog Forwarding
Considerations for Using Syslog Forwarding
You should be aware of the following considerations when using syslog forwarding:
-
You must have Administrator or Mission Control Manager access for the account.
-
You require external target servers to forward the event broker service logs to.
-
You can forward the event broker service logs to up to three target servers.
-
The hostname or IP address and port of the target server must be reachable from the cloud hosts for the event broker service.
-
If you use TLS as the protocol for forward logs, you must verify that the port you select and the target syslog server both support TLS and add any required server certificates to PubSub+ Cloud as a domain certificate authority (CA). For more information, see Adding Domain CA Certificates .
-
Syslog forwarding does not support HTTP proxies.
-
After you configure syslog forwarding, you can set up the syslog event alerts you want in your external monitoring system.
-
As a complement to syslog forwarding or as an alternative for a secure and easier way to receive insights and notifications about your event broker services, consider using PubSub+ Insights. Insights is a monitoring service accessible from
Enabling Syslog Forwarding and Adding Target Servers
To enable syslog forwarding you add a target server that the logs are forwarded to. You can add up to three target servers. To enable syslog forwarding or specify additional target servers, perform these steps:
- Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your
- On the navigation bar, select Cluster Manager
. - Select the event broker service that you want to configure. If the event broker service is not listed, make sure you have the right environment selected. For more information, see Selecting Environments.
- On the Service Details page, click the Manage tab.
- On the Management Settings menu, select Observability.
- On the Syslog Forwarding tile click Create. The Syslog Forwarding tile shows the status as Disabled if you haven't already configured syslog forwarding.
-
In the Create Syslog Forwarding Destination dialog, set the appropriate options:
-
Syslog Name: The name of the target syslog server.
-
Logs to Forward: Select the logs to forward to the target syslog server:
-
Event: all system, VPN, and client level events generated by the event broker service
-
System: important system-level events generated by the event broker service
-
Command: all commands from the CLI and SEMP sent to the event broker service
-
-
Host Name/IP Address: The target syslog server's hostname or IP address.
-
Port Number:The target syslog server's port number. If you select TLS as transport protocol, the port must support TLS encryption.
-
Protocol Type: The transport mode used for forwarding the logs to the target syslog server. Syslog forwarding supports UDP, TCP, and TLS. UDP is the default.
-
- Click Create to complete the configuration.
- (Optional) Repeat steps 5 and 6 to add another target server.
Modifying Syslog Forwarding
To modifying an existing target server, perform the following steps:
- Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your
- On the navigation bar, select Cluster Manager .
- Select the event broker service that you want to configure. If the event broker service is not listed, make sure you have the right environment selected. For more information, see Selecting Environments.
- On the Service Details page, click the Manage tab.
- On the Management Settings menu, select Observability.
- On the Syslog Forwarding click Actions
and select Edit.
-
Update the target server as required and click Save.
Disabling Syslog Forwarding
You can remove a target syslog server. If you remove all target servers, syslog forwarding becomes inactive. To remove a target server, perform these steps:
- Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your
- On the navigation bar, select Cluster Manager .
- Select the event broker service that you want to configure. If the event broker service is not listed, make sure you have the right environment selected. For more information, see Selecting Environments.
- On the Service Details page, click the Manage tab.
- On the Management Settings menu, select Observability.
- On the Syslog Forwarding click Actions and select Delete.
-
Click Deactivate to remove the target syslog server.
