Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 36. Using the Logging System Roles with RELP

Reliable Event Logging Protocol (RELP) is a networking protocol for data and message logging over the TCP network. It ensures reliable delivery of event messages and you can use it in environments that do not tolerate any message loss.

The RELP sender transfers log entries in form of commands and the receiver acknowledges them once they are processed. To ensure consistency, RELP stores the transaction number to each transferred command for any kind of message recovery.

You can consider a remote logging system in between the RELP Client and RELP Server. the RELP Client transfers the logs to the remote logging system and the RELP Server receives all the logs sent by the remote logging system.

Administrators can use the Logging System Role to configure the logging system to reliably send and receive log entries.

36.1. Configuring client logging with RELP

You can use the Logging System Role to configure logging in RHEL systems that are logged on a local machine and can transfer logs to the remote logging system with RELP by running an Ansible playbook.

This procedure configures RELP on all hosts in the clients group in the Ansible inventory. The RELP configuration uses Transport Layer Security (TLS) to encrypt the message transmission for secure transfer of logs over the network.

Prerequisites

  • You have permissions to run playbooks on managed nodes on which you want to configure RELP.
  • The managed nodes are listed in the inventory file on the control node.
  • The ansible and rhel-system-roles packages are installed on the control node.

Procedure

  1. Create a playbook.yml file with the following content:

    ---
    - name: Deploying basic input and relp output
      hosts: clients
      roles:
        - rhel-system-roles.logging
      vars:
        logging_inputs:
          - name: basic_input
            type: basics
        logging_outputs:
          - name: relp_client
            type: relp
            target: _logging.server.com_
            port: 20514
            tls: true
            ca_cert: _/etc/pki/tls/certs/ca.pem_
            cert: _/etc/pki/tls/certs/client-cert.pem_
            private_key: _/etc/pki/tls/private/client-key.pem_
            pki_authmode: name
            permitted_servers:
              - '*.server.example.com'
        logging_flows:
          - name: _example_flow_
            inputs: [basic_input]
            outputs: [relp_client]

    The playbooks uses following settings:

    • target: This is a required parameter that specifies the host name where the remote logging system is running.
    • port: Port number the remote logging system is listening.
    • tls: Ensures secure transfer of logs over the network. If you do not want a secure wrapper you can set the tls variable to false. By default tls parameter is set to true while working with RELP and requires key/certificates and triplets {ca_cert, cert, private_key} and/or {ca_cert_src, cert_src, private_key_src}.

      • If {ca_cert_src, cert_src, private_key_src} triplet is set, the default locations /etc/pki/tls/certs and /etc/pki/tls/private are used as the destination on the managed node to transfer files from control node. In this case, the file names are identical to the original ones in the triplet
      • If {ca_cert, cert, private_key} triplet is set, files are expected to be on the default path before the logging configuration.
      • If both the triplets are set, files are transfered from local path from control node to specific path of the managed node.
    • ca_cert: Represents the path to CA certificate. Default path is /etc/pki/tls/certs/ca.pem and the file name is set by the user.
    • cert: Represents the path to cert. Default path is /etc/pki/tls/certs/server-cert.pem and the file name is set by the user.
    • private_key: Represents the path to private key. Default path is /etc/pki/tls/private/server-key.pem and the file name is set by the user.
    • ca_cert_src: Reprents local CA cert file path which is copied to the target host. If ca_cert is specified, it is copied to the location.
    • cert_src: Reprents the local cert file path which is copied to the target host. If cert is specified, it is copied to the location.
    • private_key_src: Represents the local key file path which is copied to the target host. If private_key is specified, it is copied to the location.
    • pki_authmode: Accepts the authentication mode as name or fingerprint.
    • permitted_servers: List of servers that will be allowed by the logging client to connect and send logs over TLS.
    • inputs: List of logging input dictionary.
    • outputs: List of logging output dictionary.
  2. Optional: Verify playbook syntax.

    # ansible-playbook --syntax-check playbook.yml
  3. Run the playbook:

    # ansible-playbook -i inventory_file playbook.yml

36.2. Configuring server logging with RELP

You can use the Logging System Role to configure logging in RHEL systems as a server and can receive logs from the remote logging system with RELP by running an Ansible playbook.

This procedure configures RELP on all hosts in the server group in the Ansible inventory. The RELP configuration uses TLS to encrypt the message transmission for secure transfer of logs over the network.

Prerequisites

  • You have permissions to run playbooks on managed nodes on which you want to configure RELP.
  • The managed nodes are listed in the inventory file on the control node.
  • The ansible and rhel-system-roles packages are installed on the control node.

Procedure

  1. Create a playbook.yml file with the following content:

    ---
    - name: Deploying remote input and remote_files output
      hosts: server
      roles:
        - rhel-system-roles.logging
      vars:
        logging_inputs:
          - name: relp_server
            type: relp
            port: 20514
            tls: true
            ca_cert: _/etc/pki/tls/certs/ca.pem_
            cert: _/etc/pki/tls/certs/server-cert.pem_
            private_key: _/etc/pki/tls/private/server-key.pem_
            pki_authmode: name
            permitted_clients:
              - '_*example.client.com_'
        logging_outputs:
          - name: _remote_files_output_
            type: _remote_files_
        logging_flows:
          - name: _example_flow_
            inputs: _relp_server_
            outputs: _remote_files_output_

    The playbooks uses following settings:

    • port: Port number the remote logging system is listening.
    • tls: Ensures secure transfer of logs over the network. If you do not want a secure wrapper you can set the tls variable to false. By default tls parameter is set to true while working with RELP and requires key/certificates and triplets {ca_cert, cert, private_key} and/or {ca_cert_src, cert_src, private_key_src}.

      • If {ca_cert_src, cert_src, private_key_src} triplet is set, the default locations /etc/pki/tls/certs and /etc/pki/tls/private are used as the destination on the managed node to transfer files from control node. In this case, the file names are identical to the original ones in the triplet
      • If {ca_cert, cert, private_key} triplet is set, files are expected to be on the default path before the logging configuration.
      • If both the triplets are set, files are transfered from local path from control node to specific path of the managed node.
    • ca_cert: Represents the path to CA certificate. Default path is /etc/pki/tls/certs/ca.pem and the file name is set by the user.
    • cert: Represents the path to cert. Default path is /etc/pki/tls/certs/server-cert.pem and the file name is set by the user.
    • private_key: Represents the path to private key. Default path is /etc/pki/tls/private/server-key.pem and the file name is set by the user.
    • ca_cert_src: Reprents local CA cert file path which is copied to the target host. If ca_cert is specified, it is copied to the location.
    • cert_src: Reprents the local cert file path which is copied to the target host. If cert is specified, it is copied to the location.
    • private_key_src: Represents the local key file path which is copied to the target host. If private_key is specified, it is copied to the location.
    • pki_authmode: Accepts the authentication mode as name or fingerprint.
    • permitted_clients: List of clients that will be allowed by the logging server to connect and send logs over TLS.
    • inputs: List of logging input dictionary.
    • outputs: List of logging output dictionary.
  2. Optional: Verify playbook syntax.

    # ansible-playbook --syntax-check playbook.yml
  3. Run the playbook:

    # ansible-playbook -i inventory_file playbook.yml