Anonymous Syslog server configuration for AlertConfig

Article ID: 428327

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

Configuring Anonymous Syslog server for AlertConfig 

Cause

Configuring anonymous syslog server for alertconfig is not supported.

Syslog over TLS is supported only with client certificate authentication.

Resolution

To configure syslog over TLS, follow the steps below.

1) Create a PKI profile.

    PKI Profile

2) Get the client certificate for syslog authentication and upload it to the Avi controller (e.g. SyslogCert).

     SSL Certificate

3) TLS configuration for syslog is only available from the Avi CLI.

4) Create the syslog server from the controller UI.

     Syslog Notification

5) Follow the below steps on Avi controller CLI.

    Login to CLI of the controller

    Execute the below commands

[admin@<Controller-IP>: > configure alertsyslogconfig <syslog_server_name>

[admin@<Controller-IP>: alertsyslogconfig> syslog_servers index 1

[admin@<Controller-IP>: alertsyslogconfig:syslog_servers> tls_enable
Overwriting the previously entered value for tls_enable

[admin@<Controller-IP>: alertsyslogconfig:syslog_servers> ssl_key_and_certificate_ref <ssl_certificate_name>
Overwriting the previously entered value for ssl_key_and_certificate_ref

[admin@<Controller-IP>: alertsyslogconfig:syslog_servers> pkiprofile_ref <pki_profile_name>
Overwriting the previously entered value for pkiprofile_ref

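[admin@<Controller-IP>: alertsyslogconfig:syslog_servers> no strict_cert_verify

[admin@<Controller-IP>: alertsyslogconfig:syslog_servers> save

[admin@<Controller-IP>: alertsyslogconfig> save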
+-------------------------------+--------------------------------------------------------+
| Field                         | Value                                                  |
+-------------------------------+--------------------------------------------------------+
| uuid                          | alertsyslogconfig-######-####-####-###########         |
| name                          | SyslogServer                                           |
| syslog_servers[1]             |                                                        |
|   syslog_server               | <ip_address>                                           |
|   syslog_server_port          | <port>                                                 |
|   udp                         | False                                                  |
|   format                      | SYSLOG_LEGACY                                          |
|   tls_enable                  | True                                                   |
|   ssl_key_and_certificate_ref | <ssl_certificate_name>                                 |
|   pkiprofile_ref              | <pki_profile_name>                                     |
|   anon_auth                   | True                                                   |
|   strict_cert_verify          | False                                                  |
| tenant_ref                    | admin                                                  |
+-------------------------------+--------------------------------------------------------+
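
The check below is an added example, not part of the original article or of VMware's tooling. It parses a table shaped like the output above and lists per-server settings that differ from an assumed review policy (TLS on, UDP off, anon_auth off, strict_cert_verify on, both references set); the sample values and the policy itself are assumptions of this example, inferred from the field names.

```python
import re
# Constructed sample shaped like the table printed after "save" (values made up).
SAMPLE = """\
+-------------------------------+--------------+
| Field                         | Value        |
+-------------------------------+--------------+
| syslog_servers[1]             |              |
|   udp                         | False        |
|   tls_enable                  | True         |
|   ssl_key_and_certificate_ref | SyslogCert   |
|   pkiprofile_ref              | SyslogPKI    |
|   anon_auth                   | True         |
|   strict_cert_verify          | False        |
| tenant_ref                    | admin        |
+-------------------------------+--------------+
"""

# Assumed review policy inferred from the field names, not documented Avi behaviour.
EXPECTED = {"udp": "False", "tls_enable": "True", "anon_auth": "False", "strict_cert_verify": "True"}
REQUIRED_REFS = ("ssl_key_and_certificate_ref", "pkiprofile_ref")

def parse_servers(table):
    """Return {index: {field: value}} for every syslog_servers[N] block."""
    servers, current = {}, None
    for line in table.splitlines():
        if not line.startswith("|"):
            continue  # border rows
        raw_field, value = line.strip("|").split("|", 1)
        field = raw_field.strip()
        header = re.fullmatch(r"syslog_servers\[(\d+)\]", field)
        if header:
            current = int(header.group(1))
            servers[current] = {}
        elif raw_field.startswith("   ") and current is not None:
            servers[current][field] = value.strip()  # indented row = per-server field
        else:
            current = None  # back at top level (Field header, tenant_ref, ...)
    return servers

def audit(table):
    """List per-server settings that differ from the assumed policy."""
    findings = []
    for idx, cfg in sorted(parse_servers(table).items()):
        for field, want in EXPECTED.items():
            got = cfg.get(field, "<unset>")
            if got != want:
                findings.append(f"syslog_servers[{idx}] {field}={got}, expected {want}")
        findings += [f"syslog_servers[{idx}] {r} is not set" for r in REQUIRED_REFS if not cfg.get(r)]
    return findings
```

Calling audit() on the text captured from the CLI returns one line per setting to review; an empty list means every server entry matches the assumed policy.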