I see that there’s an ability to download logs from the system’s tab menu. However, I was wondering if there was a way to forward logs to a centralized log server? Extra brownie points if it can be done via TLS for secure forwarding
There’s probably something built into systemd but the following related options spring to mind.
SNMP
Not sure of log forwarding exactly but you can do some remote monitoring via the old style snmpd (off by default):
Services - Services - SNMP.
Be sure to check the config there before activating this though. It has also not receive any ‘Rockstor’ attention in years so there’s that!
Later protocols can do encryption.
Never used this within Rockstor myself though unfortunately. It’s only just now come up actually so I don’t think a lot of folks are using this.
NETDATA
And at the other end of at least the monitoring sophistication you could install the Netdata Rock-on and sign up to their free cloud monitoring system and subscribe your Netdata instance to your cloud account with them. Again this includes secure transport of the info.
Plus this one is read only by design I believe.
EMAIL NOTIFICATION
There is also plain old email notification (with a TLS option of course )
http://rockstor.com/docs/email_setup.html
which forwards all of the root users email to your configured recipient.
None of these answers your question directly I’m afraid but it may help with discussion points.
Hope that helps.
Yup! I’ve been using SNMP for a bit now and that’s been alright. Though forwarding to my log server is most desired, this’ll work for now. Thank you!
Glad it’s working for you, and thanks for the confirmation, that’s always extremely helpful!
I was actually curious about that… If/when you have a minute, would you mind elaborating just a tad bit on what you’d like to see/have? I’m always all ears to learn about current shortcomings and possible ways to improve.
Well, I’m currently running LibreNMS as my primary means of log collection and output. I’m eventually wanting to move over to Graylog, since that has better capabilities to index logs and make more sense of them.
Obtaining logs from Rocktor could be beneficial. Rockstor, I’m assuming, keeps track of who logs into it, when the storage was accessed, the last updates that have happened, etc. Logs like these would help coordinate with existing logs from other appliances I have and would enable me to have a better picture overall for troubleshooting or auditing purposes.
I installed rsyslog like I do on all my servers
# zypper install rsyslog
# vi /etc/rsyslog.conf
# systemctl restart rsyslog