cmdReporter Wiki

Open navigation

Syslog Protocol and Format (RFC5424 & RFC5425)

Overview

This article describes the preference keys available to configure the cmdReporter Syslog with TLS remote logging interface. Setting syslog remote endpoint type will also change the format of the log data being sent to comply with RFC5424. Normal syslog headers will be generated and the full cmdReporter event JSON will be sent in the "message" portion of the syslog format event.


Remote Logging Preferences (TLS Syslog)

All preference keys are required unless marked (Optional)

KeyValue TypeSample ValueFunction
LogRemoteEndpointEnabledbooltrueEnable network transmission of log data
LogRemoteEndpointTypeStringSyslogType of remote log aggregation server. Used to define network protocol and preferences used
LogRemoteEndpointURLStringtls://server.address:9977URL where log data is to be sent. Applies to all remote logging types. tls:// prepend is required
LogRemoteEndpointTLSDictionary-Container dictionary for TLS preferences, no preferences directly set to this key.

TLSServerCertificateArray of Strings
server.company.com
intemediate ca name
root_ca-name
Public TLS certificate and chain common names to verify the remote server. Only System keychain is searched for certificates

Download Server Public Certificate(s)

# The resulting file may have more than one certificate. Keychain Access will 
# automatically parse them into separate cert entries when you 
# double-click or drag-drop the file this command generates
echo -n | openssl s_client -showcerts -connect HOSTNAME:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/Downloads/server-public-cert.pem


Install server's public certificate(s) into the System (not System Roots) keychain. Reference certificate common names in the TLSServerCertificate preference.

Example TLS Preferences

<!-- Remote endpoint logging master switch -->
<key>LogRemoteEndpointEnabled</key>
<true/>
<!-- Start TLS Configs -->
<key>LogRemoteEndpointType</key>
<string>Syslog</string>
<key>LogRemoteEndpointURL</key>
<string>tls://server.company.com:4477</string>
<key>LogRemoteEndpointTLS</key>
<dict>
  <key>TLSServerCertificate</key>
  <array>
    <string>server_name.company.com</string>
    <string>Let's Encrypt Authority X3</string>
    <string>DST Root CA X3</string>
  </array>
</dict>
<!-- End TLS Configs -->



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.