Sending SMC logs to a remote server in Syslog format
SMC supports the Syslog protocol in order to collect all logs from the system and from SMC and send them to a remote Syslog server, with or without encryption.
To use the Syslog service on SMC:
- Log in to the SMC server via the console of your hypervisor or over SSH.
- Enter the command smc-syslog-ng. The service's current configuration will appear.
Sending logs to a remote server without encryption
- Type the command smc-syslog-ng --wizard to select an operating mode.
- Select the option Store logs locally and send logs to a syslog-ng server through TCP.
- Enter the IP address or FQDN of the remote server as well as the port number.
Sending logs to a remote server with encryption
To encrypt communications when forwarding logs to the remote server, you will need three files issued by your PKI (Public Key Infrastructure):
- The client certificate in PEM format which allows the remote server to identify SMC,
- The client's private key in PEM format which would allow SMC to encrypt data so that only the remote server can decrypt it,
- The certificate of the certification authority in PEM format which would allow SMC to trust the remote server.
- Before configuring the Syslog service, copy these three files to SMC, in /tmp for example.
- Type the command smc-syslog-ng --wizard to select an operating mode.
- Select the option Store logs locally and send logs to a syslog-ng server through TCP with TLS.
- Enter the IP address or FQDN of the remote server as well as the port number.
- Indicate the location of the certificates. The Syslog wizard will copy them into the folder /data/certs/syslog-ng/.
Disabling the sending of logs to a remote server
- Type the command smc-syslog-ng --wizard to select an operating mode.
- Select the option Store logs locally in /var/log/messages (default).
Troubleshooting
The remote Syslog server is unreachable
- Situation: You have specified the name of the remote Syslog server using its FQDN but the server remains unreachable.
- Cause: The DNS service was probably not configured properly or is unable to resolve the FQDN.
- Solution: Check the resolution of the DNS server by typing the command nslookup server-syslog.domain.com in the SMC command line interface.
When logs are forwarded with encryption, the remote server does not receive SMC logs
- Situation: You have configured logs to be sent to a remote Syslog server with encryption. You have provided the certificates required, but the Syslog server did not accept the encrypted communication.
- Cause: The remote Syslog server probably did not accept the certificates as they may have expired or been revoked.
- Solution: Check the error message that the remote Syslog server returned by typing the following commands in the SMC command line interface:
MY_SERVER_ADDR=xxx.xxx.xxx.xxx
MY_SERVER_PORT=xxxx
openssl s_client -connect ${MY_SERVER_ADDR}:${MY_SERVER_PORT} -cert /data/certs/syslog-ng/xxxx.pem -key /data/certs/syslog-ng/xxxx.pem -CAfile /data/certs/syslog-ng/xxxx.pem
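The expiry cause described above can be ruled out locally before testing the connection. The following is an added example, not part of the SMC documentation or tooling: the function name check_syslog_tls_files and its return codes are illustrative, and it assumes the openssl command is available and the private key is not passphrase-protected.

```shell
#!/bin/sh
# Added example: local sanity check of the three PEM files used for TLS log
# forwarding. Function name and return codes are illustrative assumptions.
# Returns: 0 ok, 1 unreadable file, 2 client cert expired/expiring,
#          3 CA cert expired/expiring, 4 private key does not match the cert.
check_syslog_tls_files() {
    cert=$1; key=$2; ca=$3
    min_valid=${4:-0}   # seconds of validity that must remain (0 = valid now)

    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1; then
        echo "client certificate expired or expiring:" \
             "$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null)" >&2
        return 2
    fi
    if ! openssl x509 -in "$ca" -noout -checkend "$min_valid" >/dev/null 2>&1; then
        echo "CA certificate expired or expiring:" \
             "$(openssl x509 -in "$ca" -noout -enddate 2>/dev/null)" >&2
        return 3
    fi

    # The key belongs to the certificate only if both yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the client certificate" >&2
        return 4
    fi

    echo "certificate files look consistent"
    return 0
}

# When run as a script: check_tls.sh CLIENT_CERT CLIENT_KEY CA_CERT [SECONDS]
if [ "$#" -ge 3 ]; then
    check_syslog_tls_files "$@"
fi
```

Passing 2592000 as the fourth argument also flags certificates that expire within 30 days. Revocation is not covered by this check; for that, the error returned by the openssl s_client command above is still needed.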