Task:
Enable Syslog monitoring/auditing for TKGI cluster.
Logging Types Available:
- Syslog
- Telegraf (metrics)
- Healthwatch
- VMware vRealize Log Insight (vRLI) (vSphere only)
Notes:
- Syslog sends log messages for all BOSH-deployed VMs in the TKGI cluster.
- Includes Kubernetes cluster audit logs
- Syslog messages might include cloud provider credentials or other sensitive information. TLS setup is highly recommended.
- Including the CA TLS Certificate is not required if the CA cert is in the BOSH VM's certificate store.
- For RSyslog information on RainerScript, see examples at: github.com/cloudfoundry/syslog-release/blob/main/examples/
- - Using RainerScript in the BOSH manifest requires either single quotes or the YAML "pipe" (|) syntax for multi-line strings, as double quotes generally lead to invalid YAML.
Example to not include DEBUG level logging:
if ($msg contains 'DEBUG') then stop
Enable Remote Syslog Monitoring:
Tanzu Kubernetes Grid Integrated Edition (tile) --> Host Monitoring
- Under Enable Syslog for TKGI, select Yes
- Under Address: <enter the syslog target endpoint>
- Under Port: <enter the syslog target endpoint port>
- Under Transport Protocol: <select transport protocol for log forwarding>
- TLS: Enable TLS (selected)
- - Under Permitted Peer: <provide the accepted fingerprint (SHA1), or the name of the target endpoint/peer> (e.g. *.syslog.mindwatering.net)
- - Under TLS Certificate: <add_cert for endpoint>
- (Optional) Under Max Message Size: 25000 (default: 10,000 characters)
- (Optional) Under Custom Rsyslog Configuration: <enter custom Rsyslog RainerScript>
- Click Save (button)
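Added example (not part of the original notes or of the TKGI/BOSH documentation): a shell helper that derives the SHA1 fingerprint for the Permitted Peer field from the syslog server's certificate. The "SHA1:" prefix is the form rsyslog uses for fingerprint peers; that the tile field takes the same form is an assumption. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: build an rsyslog-style "SHA1:..." permitted-peer value.

# Turn one line of `openssl x509 -fingerprint -sha1` output into SHA1:AA:BB:...
# Accepts "SHA1 Fingerprint=..." (OpenSSL 1.x) and "sha1 Fingerprint=..." (3.x).
normalize_fp() {
    fp=$(sed -n 's/^[A-Za-z0-9]* Fingerprint=//p' | head -n 1 | tr 'a-f' 'A-F')
    # A SHA-1 digest is 20 bytes: 20 hex pairs separated by 19 colons.
    if printf '%s\n' "$fp" | grep -Eq '^([0-9A-F]{2}:){19}[0-9A-F]{2}$'; then
        printf 'SHA1:%s\n' "$fp"
    else
        echo "not a SHA-1 fingerprint line" >&2
        return 1
    fi
}

# Fingerprint of a PEM file holding the syslog server's leaf certificate.
fp_from_pem() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | normalize_fp
}

# Fingerprint of the certificate the endpoint actually presents, to compare
# with the value entered in the tile. $1 = host, $2 = port of your own target.
fp_from_endpoint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 | normalize_fp
}
```

Run fp_from_pem on the certificate you were given and fp_from_endpoint against the live target; the two values should match before you save the tile.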