针对 VPC 的 Hyper Protect Virtual Servers 的日志记录
要针对 VPC 实例启动 Hyper Protect Virtual Servers,您 (作为部署者) 需要首先通过在 合同 的 env
部分中添加日志记录配置来设置日志记录。 实例读取配置并相应地配置日志记录。 所有其他服务仅在配置日志记录后启动。 如果日志记录配置不正确,那么实例将不会启动,并且将在串行控制台中显示一条错误消息。
这些日志包括启动日志,Hyper Protect Virtual Servers 针对 VPC 实例发出的服务日志以及容器日志。
如果工作负载生成敏感信息,那么可以 加密日志消息。
支持以下日志记录服务。
IBM Cloud Logs (ICL)
IBM® Cloud Logs 是一种可扩展的日志服务,可持久保存日志,并为用户提供查询、跟踪和可视化日志的功能。
日志由事件组成,通常可由人工读取,并有不同的格式,例如非结构化文本、JSON、分隔符分隔值、键值对等。 IBM Cloud Logs 服务可管理通用应用程序日志、平台日志或结构化审计事件。IBM Cloud Logs 可用于来自 IBM Cloud服务和客户应用程序的日志。
有关 IBM Cloud Logs 的信息,请参阅 IBM Cloud Logs。
访问 IBM Cloud 日志:
vpc 账户用户对 IBM Cloud Logs 实例的访问由 IBM Cloud® Identity and Access Management (IAM) 控制。 必须为 vpc 账户中访问 IBM Cloud Logs 的每个用户分配带有 IAM 角色的访问策略。
将添加访问政策:
- 云日志
要为这些策略添加相关角色,请参阅 管理IBM Cloud日志的 IAM 访问权限
配置 ICL 实例
要从 IBM Cloud 中的 Observability 面板配置 ICL
实例,请完成以下步骤:
- 登录到 IBM Cloud 帐户。
- 提供一个 ICL 实例。 根据您的需求选择计划。
logging
小节
env: |
type: env
logging:
logRouter:
hostname: <host name of the service instance> /
iamApiKey: <iamApiKey of the service instance> / xxxx
port: <port of the service instance(443)>
env
部分需要提供的输入参数有
-
hostname
:服务实例的主机名。 使用 ICL 实例端点部分下的端点。- 对于公共网络 ICL 访问:在合同中选择公共入口端点部分作为主机名。
- 对于专用网络 ICL 访问:在合同中选择专用入口端点部分作为主机名。
您必须为 ICL 创建一个虚拟专用端点 (VPE) 网关,以便私下访问 IBM Cloud Logs。 有关更多信息,请参阅 使用 VPC 的虚拟专用端点私密连接 IBM Cloud Logs。
-
iamApiKey
:服务 ID 的 IAM API 密钥。 从 IAM 中的服务 ID 生成并获取 API 密钥。 -
port
:(可选)服务实例的端口,即 443。
更多信息,请参阅 日志分节。
自定义标签支持 A-Z、a-z、0-9 和连字符 (-)。
要查看日志,请打开 ICL instance。
在 ICL 实例中应用过滤器
为日志信息添加列:包含以下列以显示详细日志信息:
- 时间戳 | _HOSTNAME | Syslog_Identifier | 严重程度 | 信息
按主机名筛选:
- 使用 _HOSTNAME 过滤器并选择所需的主机名,以查看特定来源的日志。
按日志级别筛选:
- 应用严重性过滤器并选择适当的日志级别,以便根据严重性过滤信息。
按服务筛选:
- 添加 Syslog_Identifier 过滤器,查看来自特定服务的日志。
按图像名称、容器名称和容器 ID 过滤:
- 添加 IMAGE_NAME、CONTAINER_NAME 和 CONTAINER_ID 筛选器,进一步完善日志。
查看更多日志详情:
- 选择栏中的文本选项,查看每个日志条目的更多详细信息。
探索其他过滤器:
- 还可根据具体要求使用其他筛选器。
有关更多信息,请参阅 管理 IBM Cloud Logs 日志实例。
现有客户的迁移步骤:
- 创建 ICL 实例
- 准备一份合同,确保日志部分设置为 ICL
- 关闭当前的 HPVS,但不删除数据卷
- 创建新的 HPVS,将现有卷与新合同连接起来
Syslog
您还可以使用通用 syslog 后端 (例如 rsyslog 服务器或 Logstash 服务器) 配置日志记录。 Hyper Protect Virtual Servers for VPC 实例使用带有 相互认证 的 TLS 来连接到日志记录后端。 查找以下信息以配置日志记录:
- 系统日志主机名
- [可选]端口,默认为 514
- 认证中心 (CA)-用于验证证书链以进行客户机和服务器认证的证书。 请注意,必须将同一 CA 用于客户机和服务器证书。
- 客户机证书-用于向服务器证明客户机,由 CA 签署
- 客户机密钥-虚拟服务器实例用于建立信任的专用密钥
使用信息填写合同的以下部分。 证书和密钥必须采用 PEM 格式。
env:
logging:
syslog:
hostname: ${HOSTNAME}
port: ${PORT}
server: ${CA}
cert: ${CLIENT_CERTIFICATE}
key: ${CLIENT_PRIVATE_KEY}
请确保对证书使用强摘要算法,否则系统日志服务器可能会拒绝这些证书。
示例
您可以遵循以下过程来创建所需的证书和密钥。 此示例使用 openssl 并显示 bash 语法。
准备
-
创建 CA 专用密钥和证书签名请求 (CSR)。
准备
ca.cnf
配置文件:[ req ] default_bits = 2048 default_md = sha256 prompt = no encrypt_key = no distinguished_name = dn [ dn ] C = US O = Logstash Test CA CN = ca.example.org
确保使用您的值更新
dn
。 实际值可以自由选择,它们不会对后续处理起到作用。创建密钥和证书。
# create private key openssl genrsa -out ca-key.pem 4096 # create CSR openssl req -config ca.cnf -key ca-key.pem -new -out ca-req.csr # create self-signed CA openssl x509 -signkey ca-key.pem -in ca-req.csr -req -days 365 -out ca.crt
-
创建在 服务器端 (rsyslog 服务器) 上使用的文件。
准备
server.cnf
配置文件。 将default_md
值至少设置为sha256
很重要。 确保填写dn
字段的正确信息。 首选对CN
使用域名,但 IP 地址也有效。 有关更多信息,请参阅有关 主题备用名称的 OpenSSL 文档。使用主机名的示例:
[ req ] default_bits = 2048 default_md = sha256 prompt = no encrypt_key = no distinguished_name = dn [ server ] subjectAltName = DNS:${HOSTNAME} extendedKeyUsage = serverAuth [ dn ] C = US O = Rsyslog Test Server CN = ${HOSTNAME}
使用 IP 地址的示例:
[ req ] default_bits = 2048 default_md = sha256 prompt = no encrypt_key = no distinguished_name = dn [ server ] subjectAltName = IP:${IP} extendedKeyUsage = serverAuth [ dn ] C = US O = Rsyslog Test Server CN = ${IP_OR_HOSTNAME}
创建密钥和证书。 确保服务器证书
server.crt
包含 IP 或主机名的 SAN,具体取决于是通过 IP 还是主机名访问服务器。# create private key openssl genrsa -out server-key.pem 4096 # create CSR for the server certificate openssl req -config server.cnf -key server-key.pem -new -out server-req.csr # have the CA created in (1) sign the certificate openssl x509 -req -in server-req.csr -days 365 -CA ca.crt -CAkey ca-key.pem -CAcreateserial -extfile server.cnf -extensions server -out server.crt
-
创建在 客户端 (针对 VPC 实例的 Hyper Protect Virtual Servers ) 上使用的文件。
准备
client.cnf
配置文件:[ req ] default_bits = 2048 default_md = sha256 prompt = no encrypt_key = no distinguished_name = dn [ dn ] C = US O = Logstash Test Client CN = client.example.org
确保使用您的值更新
dn
。 实际值是否发挥作用取决于StreamDriver.Authmode
设置 (在以下文档中显示)。 在此示例中,我们使用设置StreamDriver.Authmode="x509/certvalid"
,在此情况下,dn
的值 不 发挥作用 (因为接受所有有效的客户机证书)。 根据您的需求进行调整。 有关更多信息,请参阅 StreamDriver。Authmode。创建密钥和证书:
# create private key openssl genrsa -out client-key.pem 4096 # create CSR for client auh openssl req -config client.cnf -key client-key.pem -new -out client-req.csr # have the CA created in (2) sign the certificate openssl x509 -req -in client-req.csr -days 365 -CA ca.crt -CAkey ca-key.pem -CAcreateserial -out client.crt # export key to PKCS#8 format openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in client-key.pem -out client-key-pkcs8.pem
客户机设置
使用以下模板配置合同。
env:
logging:
syslog:
hostname: ${HOSTNAME}
port: ${PORT}
server: ${CA}
cert: ${CLIENT_CERTIFICATE}
key: ${CLIENT_PRIVATE_KEY}
在准备中使用以下文件的内容来填充占位符:
${CA}
-ca.crt
从准备步骤 1${CLIENT_CERTIFICATE}
-client.crt
从准备步骤 3${CLIENT_PRIVATE_KEY}
-client-key-pkcs8.pem
从准备步骤 3
${HOSTNAME}
,${CA}
,${CLIENT_CERTIFICATE}
和 ${CLIENT_PRIVATE_KEY}
是没有额外编码或转义的字符串。 无论其格式如何,请确保使用 有效 YAML (请参阅 标量)。 在以下示例中,新行将替换为 \n
,并删除回车符以确保内容在反转逗号之间的一行中合适 (请参阅 双引号样式的标量)。 您还可以使用其他有效的 YAML 变体。
示例:
env:
logging:
syslog:
hostname: ${HOSTNAME}
port: 6514
server: "-----BEGIN CERTIFICATE-----\nMIIFCTCCAvECFEp7wJLz4jNStIsVH2dUeHDN26ZyMA0GCSqGSIb3DQEBCwUAMEEx\nCzAJBgNVBAYTAlVTMRkwFwYDVQQKDBBMb2dzdGFzaCBUZXN0IENBMRcwFQYDVQQD\nDA5jYS5leGFtcGxlLm9yZzAeFw0yMzAxMDUxNjU0MTNaFw0yNDAxMDUxNjU0MTNa\nMEExCzAJBgNVBAYTAlVTMRkwFwYDVQQKDBBMb2dzdGFzaCBUZXN0IENBMRcwFQYD\nVQQDDA5jYS5leGFtcGxlLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\nggIBANe7PR4XaTXtF6h3FhWe/R4BSTVylXWopA51+ppcJ3BOMPjmRMNJ3tFAFE3h\nF4d0RHBNJOZF0+ogT0ZEseTe4mqJXk3RgfMSrLaymNgzaefD67uhQ9ZzznE3kIXe\nmzh/A8aDwhaUMifIKxekisrmpvjDwUJtaSs3pb27W+cOmzAPZ3cmOs09tELLY134\nf52sp0ZqFSOgvCwcdt88PFVMm2rrFgwxP2gLgOkZL4OsM9sQykYEPR28unS+P90V\nqnYPy27xqJNss4OdZCJrjkS7lv2PbBxSoFjDq/yLjnDV8khW2+6w0MFRvamoKL34\nn/XoXN6VCathSxcwvXg0x3wwTxa5Hevb0iziNGXHjZ9bXt+8bnu/Bhsa7KwaoUt9\nrJJeMy0KNsdQyWhMJE904YKm9Eo/S92rrcNWzmzBIV0iecOHc24iw3SIXOnoAKNY\n1GtDOQChSEeb7en25s1fjWTqIDyDOktWjp9DXu1ips9YDb7GKZ7raOoQnsPkGrRE\nKOWClkWQ4qIXJ9LH73ytR1h8+AsGyInaan5ehnz7JC5SFhE96wPzJDaXCKNHBP/e\ntfwQ0BTbgO6z8gPE8JlPGXTmdf9YF5NxMd4oJA7u7Y6x2y4KIRYacrcevDxe/lFk\n843MwiYU2atYgqgFK07BIOHNvqv93WiqXy8WAolSmMoJ/eqdAgMBAAEwDQYJKoZI\nhvcNAQELBQADggIBAFkQpmW3T50eI5AhAOzN6duxQtjDuIE4AhcQaejIVFu8R9H4\nGKw8WQo1DO7jaefRK7BFy68u8Cacgyn6btCoA0AMuKYyt1StM4Jzf2ZxWrox0Tl+\nUW5RJFP8HoIBQutMtgHaY3hWZJ4Jvcg6y7kroMynZnsV3jbK0/GmthtUYonjCpCH\nuC1rEp/0Gkp9BPnrY6cgyRdDbgmDo3YMqmUh8BqTGLEi+F45K/PEN502kUBcMJTY\nvpWVfgMz7nQhN4temIlQQDs8gu3LBt9lxomuMXtYkTq245LfXdtbPPkrwjvbIKzM\nFasa1PkTmK23cXLpRWfNUu/JHChpCl27Yg8ScTm6GV/eKhJbtku8ExvLWgHAITGi\n5Rhh2Pl//Jh4szzTL34IY5bPqSXMrqUB3vFzND5ybmWrwo0i2CyLS+gKgGqzz0Xt\nmvQ6XCiq7EsTdNLlX1ZDWjias12EIyCVbWrmxzFsR/Ji8XQqUoKK+QXhdsQ/uA4H\nn72jGuWsjhRAKE7WyI2i1H+TPRZ+K6VaKeS2aikC3p2JCU4VxrP2jSdWhdYYwEgL\nC/mjDXOjxbr6TIOtrxQQSBplTuRz8yNabrPB6G2xN+e70qpB1KT5w2ee1RH7M1o+\nUoeDoSwqneVvONAjQn/0KKL0Y7P2BURHjJeWsLtFmyUZVlkqlosg8P7Nabrj\n-----END CERTIFICATE-----\n"
cert: "-----BEGIN CERTIFICATE-----\nMIIFETCCAvkCFBhx5DuYtRzCxRx8Bo+WIS2LFI2uMA0GCSqGSIb3DQEBCwUAMEEx\nCzAJBgNVBAYTAlVTMRkwFwYDVQQKDBBMb2dzdGFzaCBUZXN0IENBMRcwFQYDVQQD\nDA5jYS5leGFtcGxlLm9yZzAeFw0yMzAxMDUxNjU1MzZaFw0yNDAxMDUxNjU1MzZa\nMEkxCzAJBgNVBAYTAlVTMR0wGwYDVQQKDBRMb2dzdGFzaCBUZXN0IENsaWVudDEb\nMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOC\nAg8AMIICCgKCAgEArY+N+3IEYrIQpdMPT6xMqksSS43g2+44EdYiPNonP2KjEUdG\n/g57CBnIOaUfZyvg3Fc9ROBMhqYa6CGKCd8Yec7mL4c97tS9wBtc6I0eEBmXAeZz\nCGy6/1HtScZ/mAHw9rshgwF1Si/j9R4NA6ZepmGvoQMdUOGJJHhSsEfovVoRR5D/\nVO1Urpu4LYnz7Zwo+/QEzJbUmSVN52/tNWjgTlHFCOdQ6aZCkwBK2DCa3b2NFWSO\nvfhhl/4GLLeYZ2hG2f9+W+L6slLMWwpMqywY9bUXn+NROcYPoLX222saH6nY74+0\n+B9Qk4BOlNqhN493FCoXq2uzGmYb0igOx+o8UVc7gcozbhvREgW4RRa4XgamonSW\nCccM5sQFHFSxaGZXokpE2GJtQT0wv/pim4Ku0XEIQKmZGejC1dw26fbG+CWDWPXs\nYEmf4S5Z5exjSiQCPL2QawCXgGEJNkiUMj5ld3jeb2kY221IKb+uSE6waNTts4nO\nRa9DveHrUKrNqq33yoEZvj4K/QZ9px9km7o0BhR+oMPAYI/YODgNOhQLSR3q2n1C\njd+baFfg4Sb8L2OUTyW4Kd2Ok9rkCk9W/8T/YKlrBFoSrNHtPhKIi6FZLkrodn1g\n8+lPo3E80Gn5hUZdgsIZ7Y+c2qcUAVu8X/otFaWm8FCmIDyz+ZKm/YgaX4UCAwEA\nATANBgkqhkiG9w0BAQsFAAOCAgEACg4PxboxM01cO3pmhTfvwetBvICz8GOuAq3f\nLWYFXcZmnMHqwDZKOx20a03XfcBaWhyF9XHdCugziEMXTdfKxGwFsIUxQIbDBT4N\nBNCcLTXiTEdtjvXxm0TnM5QdPOE36EsI+O4YT8w+C5nlKuNMtsxsJe+bxEfBi2PS\nJ0vU1bO+4m9p0SDc3h39jb+FLrAnqez2QbT2maby8A8wahunAMWY+ZUkQYoWpilf\nRkGpiLKlkJ95HCYzmt7IeddH5+ZBuG+Sx4SMwCynn64J/UafNW0XV36dzeLSla59\nvQCmWAurjAqa8fqepdvNI4I/JxVfeCQwkrZEos0gec+D7qOupfHk3Zyr6G5Zn8kS\nYRU8HpRIRH4KvsObTNIrW5Z/qbfWAFSTC3q0eflaVLWsrXfSGvBDVqlxO3arhv2q\nra6tcD7MQOBO226i+v3aL9qJ3viWhIQTvONm7D8U+/WryrChBOHVCQ2M3AZQQLeC\nqSkJ60wFx8jEqLj9ELWuTMuHYg5lhMZFyLI8iWOvGRPmgTUZKNH74LF1ujIEuMBx\nE7LBWRGNx2lD0f2aYUdv+qWA8m1ETPyKYme6oUM+kDlf6sstMgahN7zT8jj/W2KD\ndG+yzHk5G06lSQzXGbec3bi2WOpWHJ1J/kTQ8Af1HuJr4UjQmin8fLW6n06diySA\nBSHYGWk=\n-----END CERTIFICATE-----\n"
key: "-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCtj437cgRishCl\n0w9PrEyqSxJLjeDb7jgR1iI82ic/YqMRR0b+DnsIGcg5pR9nK+DcVz1E4EyGphro\nIYoJ3xh5zuYvhz3u1L3AG1zojR4QGZcB5nMIbLr/Ue1Jxn+YAfD2uyGDAXVKL+P1\nHg0Dpl6mYa+hAx1Q4YkkeFKwR+i9WhFHkP9U7VSum7gtifPtnCj79ATMltSZJU3n\nb+01aOBOUcUI51DppkKTAErYMJrdvY0VZI69+GGX/gYst5hnaEbZ/35b4vqyUsxb\nCkyrLBj1tRef41E5xg+gtfbbaxofqdjvj7T4H1CTgE6U2qE3j3cUKhera7MaZhvS\nKA7H6jxRVzuByjNuG9ESBbhFFrheBqaidJYJxwzmxAUcVLFoZleiSkTYYm1BPTC/\n+mKbgq7RcQhAqZkZ6MLV3Dbp9sb4JYNY9exgSZ/hLlnl7GNKJAI8vZBrAJeAYQk2\nSJQyPmV3eN5vaRjbbUgpv65ITrBo1O2zic5Fr0O94etQqs2qrffKgRm+Pgr9Bn2n\nH2SbujQGFH6gw8Bgj9g4OA06FAtJHerafUKN35toV+DhJvwvY5RPJbgp3Y6T2uQK\nT1b/xP9gqWsEWhKs0e0+EoiLoVkuSuh2fWDz6U+jcTzQafmFRl2Cwhntj5zapxQB\nW7xf+i0VpabwUKYgPLP5kqb9iBpfhQIDAQABAoICACsovIzfgHmuf/dMcc1FMldS\njb0eDeGC7ox47FCniwT3GUfNqri4jx2nk6PKDPIR9ju0sfaztDPzkFNTK8lioeqA\nabs97Ue7vWfNJiBqHySvyF5fmRFqQGIHVHN5GfeJ3Aru49l4/lqxaAVnMKNMttK3\nDf6DEMIxI3JfPWi6qQSVJiDezK+oyNsWvAkO+gqHP6XPu3XIuBtRLHs12Q3kA4tW\nSCH7q6I+huWZOANkqs4jObctJ1XUMyihsZVjHlHwm1XQc/KTkfXQIyMsf349XAOV\nwccvtt4gA3jaZwWPL5LaIKkJ2l2tI9NaH7BiYZ64XUs1YGdvQ7130MlEztAlzlOe\n9M4tkvdELLcvyByEsY3JaObWe/N/RPk3vom4EP/XF+dTnIXRO0nLDP5Kwzj1Cpwb\nRh7Jp6dmfOpBMLKtb5iEKUROPjGJT+jKORhWaTwo4zmqj6EHp1Z2cUeZdvZomQWM\nb75xNoJyBKooLAafdGWO0ADR1nbK56+RpbF07/xHHdWR1SuJE6vppkQ33WOsLMJb\nCo141AG+5NRPe5bn5KH9KrgsJTNPplhNfq5KGE+xb+gfIH71KuxMgHafBp2Ng432\njGr4ZfBJy/w8cS0jLWrzAPEvz1ZmhIEGNeiOs78QO6efeT4fCAohw7qQur23K8YB\nTyVFdUaq63ndFq3kqBGtAoIBAQDZPs86SyDwvLttaLlgpE8z+XgxLRWZRwPCQ+yV\nAhJKaehxyavAPkp+k5f1EaAL9g20ZCzMA3N8imsEe8zvbrDuR/xBCIUGppmQnD/E\nCUQk4Un63znNZdJ+h7cn/kysi7D0od9oHgYxI3oj0VhPNkdwm4GSJ8lvXrL7RD/f\ncXFKrzIOmdkOJY1DydtRAS772MKXVURxaFZ3kePFETloqiqgBIaKt1gw9uSrtkg8\necW3NVQDI521Q/uNYQaqA2AKGmLXC9Cg4GCfxseaiLxWaEsd+cOAzzoU8v+8nPRo\ntVdKPEg//b0TJArxh4ZQVOxogLVbgW2JoY9gsaslqZpQaRbLAoIBAQDMhcBVG8vO\nqsmqv2qV0+251KLt5Y2hfU5k3OONsIAQl1a7sKOY4eXiVpKzT3J/emZeLsQmHnw2\nRdIXqjaVjH5jNADV9tHsQZ2KA0qV2JO/VK7fQtjV8XIaHh/gIAXXerSyLdh7rdHp\ng+xfHaDB1kKUmZR6MtB87hlQ6ngBI49/7xgJReTeee2oj4sN10ALVi51XyNfZ+FV\nQu8D2VP6ssn70qvempzLaP70ZNj2eES7KK8XEm7x7Stv0ptZl7n+E+OqZ1i4OVcF\n7UCRBCrmDYWYCLmajmR04zyBeppJfSRbH3y3mXBeNwmlFqmQz5NVNDg/YkcPbM4O\nakCX7ZXPH0jvAoIBAFhZx/NgLIRbbSpAxet8x01O7sepGzib/fZao3OyRPgIfGUS\nbIwhiTBTHCCpy1ox9j7f4qwR1zzWGlHXe3AAp2ow0nEsYtVimd+K/A/g6NrK2Mhz\nUlGrUGDvFtjn/gzKPuwujOoOE9yWHg1FDVIhtAoi5B4pmi116PpxNjzMKRQDjisL\n/I9ZTEs+Y7hc79uyuujK36vzj/7O0UALEjrzwaQUUxdFG1PGhRckadpWd8dbo9An\nAvN+M2a7B/fKqZtSQdJNVsqmlgVE1VaOt3G4tpv5QL45CNkOPl1Zw7h1z4s8WvHT\nYrrPFLhHsqMm9oJFnfwZ9g9cKjBb8Uu+3yhGpOMCggEAeHzfZwReGB2zev0TvLrC\nlTS426/dtWKN2YvsHt/5Qkz2EtKoPnvuo13fRPWr/X/NaPTiJ5bUFGEjuT9Ustu2\n5ZiQWXz0BNxPBCyWNxsFR7WK5AqMldWNI+fVXYNgDabDZyjtHUe0n35RtWNN/oPM\na6DiwO7ItqDKl0nacslRU8w2e9gKUirAoQoXoIrLtyIJcqoeu6kGLeWly72v5MSJ\ni+p7yEOL1aXAdZgn3WPTEfOQ2uXIKIxRh6oqTSi+sPlkqVIDCVz2cI5p+ETdRPR4\nXK3fMjdq5RWt4pWo6VxpG6m8HqmtckO4UeK8+IvhP1PpQyYRuPuflQxxi0+zbvb+\nTwKCAQAtxUAS8r+AP3Uufi9DvujI5z3+mWqZiM5Mxg8OJq0qNPE8V6gfrSspEgDt\nHWF8TUNoATWLCCak1u9ImBqiPZMH9WfRXaLSofrFJsVTFt+5ZeT6QMnc0RnBZakL\nvJMX9rKkb98leIRfCwzlnBQ84IFM41e0F15+853aIibpBAI7BEfTvJ8Eg/m20w1H\nrPRP1j6GYhpkAIm2+TVx6DFY/JO6JM1i0tzHv7zihSeji0lwBMKJ7M0TRXz1dJeR\n3GsDlD7mKwLVaBBKQ1Uxh1zYbiaUzVst1S2Wdvt13f89IV4Mmmuq2v1Uz4je7pDB\nhJITxResgCTR2aD0nMzF8egEKJoY\n-----END PRIVATE KEY-----\n"
您也可以提供base64格式的 syslog 证书和密钥。 要以base64 格式生成,请使用以下命令:
cat ${CLIENT_PRIVATE_KEY} | base64 -w0
使用base64编码证书配置合同:
env:
logging:
syslog:
hostname: ${HOSTNAME}
port: 16999
server: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDVENDQXZFQ0ZFcDd3Skx6NGpOU3RJc1ZIMmRVZUhETjI2WnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FRXgKQ3pBSkJnTlZCQVlUQWxWVE1Sa3dGd1lEVlFRS0RCQk1iMmR6ZEdGemFDQlVaWE4wSUVOQk1SY3dGUVlEVlFRRApEQTVqWVM1bGVHRnRjR3hsTG05eVp6QWVGdzB5TXpBeE1EVXhOalUwTVROYUZ3MHlOREF4TURVeE5qVTBNVE5hCk1FRXhDekFKQmdOVkJBWVRBbFZUTVJrd0Z3WURWUVFLREJCTWIyZHpkR0Z6YUNCVVpYTjBJRU5CTVJjd0ZRWUQKVlFRRERBNWpZUzVsZUdGdGNHeGxMbTl5WnpDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQwpnZ0lCQU5lN1BSNFhhVFh0RjZoM0ZoV2UvUjRCU1RWeWxYV29wQTUxK3BwY0ozQk9NUGptUk1OSjN0RkFGRTNoCkY0ZDBSSEJOSk9aRjArb2dUMFpFc2VUZTRtcUpYazNSZ2ZNU3JMYXltTmd6YWVmRDY3dWhROVabylp6em5FM2tJWGUKbXpoL0E4YUR3aGFVTWlmSUt4ZWtpc3JtcHZqRHdVSnRhU3MzcGIyN1crY09tekFQWjNjbU9zMDl0RUxMWTEzNApmNTJzcDBacUZTT2d2Q3djZHQ4OFBGVk1tMnJyRmd3eFAyZ0xnT2taTDRPc005c1F5a1lFUFIyOHVuUytQOTBWCnFuWVB5Mjd4cUpOc3M0T2RaQ0pyamtTN2x2MlBiQnhTb0ZqRHEveUxqbkRWOGtoVzIrNncwTUZSdmFtb0tMMzQKbi9Yb1hONlZDYXRoU3hjd3ZYZzB4M3d3VHhhNUhldmIwaXppTkdYSGpaOWJYdCs4Ym51L0Joc2E3S3dhb1V0OQpySkplTXkwS05zZFF5V2hNSkU5MDRZS205RW8vUzkycnJjTld6bXpCSVYwaWVjT0hjMjRpdzNTSVhPbm9BS05ZCjFHdERPUUNoU0VlYjdlbjI1czFmaldUcUlEeURPa3RXanA5RFh1MWlwczlZRGI3R0taN3JhT29RbnNQa0dyUkUKS09XQ2xrV1E0cUlYSjlMSDczeXRSMWg4K0FzR3lJbmFhbjVlaG56N0pDNVNGaEU5NndQekpEYVhDS05IQlAvZQp0ZndRMEJUYmdPNno4Z1BFOEpsUEdYVG1kZjlZRjVOeE1kNG9KQTd1N1k2eDJ5NEtJUllhY3JjZXZEeGUvbEZrCjg0M013aVlVMmF0WWdxZ0ZLMDdCSU9ITnZxdjkzV2lxWHk4V0FvbFNtTW9KL2VxZEFnTUJBQUV3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dJQkFGa1FwbVczVDUwZUk1QWhBT3pONmR1eFF0akR1SUU0QWhjUWFlaklWRnU4UjlINApHS3c4V1FvMURPN2phZWZSSzdCRnk2OHU4Q2FjZ3luNmJ0Q29BMEFNdUtZeXQxU3RNNEp6ZjJaeFdyb3gwVGwrClVXNVJKRlA4SG9JQlF1dE10Z0hhWTNoV1pKNEp2Y2c2eTdrcm9NeW5abnNWM2piSzAvR210aHRVWW9uakNwQ0gKdUMxckVwLzBHa3A5QlBuclk2Y2d5UmREYmdtRG8zWU1xbVVoOEJxVEdMRWkrRjQ1Sy9QRU41MDJrVUJjTUpUWQp2cFdWZmdNejduUWhONHRlbUlsUVFEczhndTNMQnQ5bHhvbXVNWHRZa1RxMjQ1TGZYZHRiUFBrcndqdmJJS3pNCkZhc2ExUGtUbUsyM2NYTHBSV2ZOVXUvSkhDaHBDbDI3WWc4U2NUbTZHVi9lS2hKYnRrdThFeHZMV2dIQUlUR2kKNVJoaDJQbC8vSmg0c3p6VEwzNElZNWJQcVNYTXJxVUIzdkZ6TkQ1eWJtV3J3bzBpMkN5TFMrZ0tnR3F6ejBYdAptdlE2WENpcTdFc1RkTkxsWDFaRFdqaWFzMTJFSXlDVmJXcm14ekZzUi9KaThYUXFVb0tLK1FYaGRzUS91QTRICm43MmpHdVdzamhSQUtFN1d5STJpMUgrVFBSWitLNlZhS2VTMmFpa0MzcDJKQ1U0VnhyUDJqU2RXaGRZWXdFZ0wKQy9takRYT2p4YnI2VElPdHJ4UVFTQnBsVHVSejh5TmFiclBCNkcyeE4rZTcwcXBCMUtUNXcyZWUxUkg3TTFvKwpVb2VEb1N3cW5lVnZPTkFqUW4vMEtLTDBZN1AyQlVSSGpKZVdzTHRGbXlVWlZsa3Fsb3NnOFA3TmFicmoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZFVENDQXZrQ0ZCaHg1RHVZdFJ6Q3hSeDhCbytXSVMyTEZJMnVNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FRXgKQ3pBSkJnTlZCQVlUQWxWVE1Sa3dGd1lEVlFRS0RCQk1iMmR6ZEdGemFDQlVaWE4wSUVOQk1SY3dGUVlEVlFRRApEQTVqWVM1bGVHRnRjR3hsTG05eVp6QWVGdzB5TXpBeE1EVXhOalUxTXpaYUZ3MHlOREF4TURVeE5qVTFNelphCk1Fa3hDekFKQmdOVkJBWVRBbFZUTVIwd0d3WURWUVFLREJSTWIyZHpkR0Z6YUNCVVpYTjBJRU5zYVdWdWRERWIKTUJrR0ExVUVBd3dTWTJ4cFpXNTBMbVY0WVcxd2JHVXViM0puTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBZzhBTUlJQ0NnS0NBZ0VBclkrTiszSUVZcklRcGRNUFQ2eE1xa3NTUzQzZzIrNDRFZFlpUE5vblAyS2pFVWRHCi9nNTdDQm5JT2FVZlp5dmczRmM5Uk9CTWhxWWE2Q0dLQ2Q4WWVjN21MNGM5N3RTOXdCdGM2STBlRUJtWEFlWnoKQ0d5Ni8xSHRTY1ovbUFIdzlyc2hnd0YxU2kvajlSNE5BNlplcG1Hdm9RTWRVT0dKSkhoU3NFZm92Vm9SUjVELwpWTzFVcnB1NExZbno3WndvKy9RRXpKYlVtU1ZONTIvdE5XamdUbEhGQ09kUTZhWkNrd0JLMkRDYTNiMk5GV1NPCnZmaGhsLzRHTExlWVoyaEcyZjkrVytMNnNsTE1Xd3BNcXl3WTliVVhuK05ST2NZUG9MWDIyMnNhSDZuWTc0KzAKK0I5UWs0Qk9sTnFoTjQ5M0ZDb1hxMnV6R21ZYjBpZ094K284VVZjN2djb3piaHZSRWdXNFJSYTRYZ2Ftb25TVwpDY2NNNXNRRkhGU3hhR1pYb2twRTJHSnRRVDB3di9waW00S3UwWEVJUUttWkdlakMxZHcyNmZiRytDV0RXdgfkuUFhzCllFbWY0UzVaNWV4alNpUUNQTDJRYXdDWGdHRUpOa2lVTWo1bGQzamViMmtZMjIxSUtiK3VTRTZ3YU5UdHM0bk8KUmE5RHZlSHJVS3JOcXEzM3lvRVp2ajRLL1FaOXB4OWttN28wQmhSK29NUEFZSS9ZT0RnTk9oUUxTUjNxMm4xQwpqZCtiYUZmZzRTYjhMMk9VVHlXNEtkMk9rOXJrQ2s5Vy84VC9ZS2xyQkZvU3JOSHRQaEtJaTZGWkxrcm9kbjFnCjgrbFBvM0U4MEduNWhVWmRnc0laN1krYzJxY1VBVnU4WC9vdEZhV204RkNtSUR5eitaS20vWWdhWDRVQ0F3RUEKQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUNnNFB4Ym94TTAxY08zcG1oVGZ2d2V0QnZJQ3o4R091QXEzZgpMV1lGWGNabW5NSHF3RFpLT3gyMGEwM1hmY0JhV2h5RjlYSGRDdWd6aUVNWFRkZkt4R3dGc0lVeFFJYkRCVDROCkJOQ2NMVFhpVEVkdGp2WHhtMFRuTTVRZFBPRTM2RXNJK080WVQ4dytDNW5sS3VOTXRzeHNKZStieEVmQmkyUFMKSjB2VTFiTys0bTlwMFNEYzNoMzlqYitGTHJBbnFlejJRYlQybWFieThBOHdhaHVuQU1XWStaVWtRWW9XcGlsZgpSa0dwaUxLbGtKOTVIQ1l6bXQ3SWVkZEg1K1pCdUcrU3g0U013Q3lubjY0Si9VYWZOVzBYVjM2ZHplTFNsYTU5CnZRQ21XQXVyakFxYThmcWVwZHZOSTRJL0p4VmZlQ1F3a3JaRW9zMGdlYytEN3FPdXBmSGszWnlyNkc1Wm44a1MKWVJVOEhwUklSSDRLdnNPYlROSXJXNVovcWJmV0FGU1RDM3EwZWZsYVZMV3NyWGZTR3ZCRFZxbHhPM2FyaHYycQpyYTZ0Y0Q3TVFPQk8yMjZpK3YzYUw5cUozdmlXaElRVHZPTm03RDhVKy9XcnlyQ2hCT0hWQ1EyTTNBWlFRTGVDCnFTa0o2MHdGeDhqRXFMajlFTFd1VE11SFlnNWxoTVpGeUxJOGlXT3ZHUlBtZ1RVWktOSDc0TEYxdWpJRXVNQngKRTdMQldSR054MmxEMGYyYVlVZHYrcVdBOG0xRVRQeUtZbWU2b1VNK2tEbGY2c3N0TWdhaE43elQ4amovVzJLRApkRyt5ekhrNUcwNmxTUXpYR2JlYzNiaTJXT3BXSEoxSi9rVFE4QWYxSHVKcjRValFtaW44ZkxXNm4wNmRpeVNBCkJTSFlHV2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRQ3RqNDM3Y2dSaXNoQ2wKMHc5UHJFeXFTeEpMamVEYjdqZ1IxaUk4MmljL1lxTVJSMGIrRG5zSUdjZzVwUjluSytEY1Z6MUU0RXlHcGhybwpJWW9KM3hoNXp1WXZoejN1MUwzQUcxem9qUjRRR1pjQjVuTUliTHIvVWUxSnhuK1lBZkQydXlHREFYVktMK1AxCkhnMERwbDZtWWEraEF4MVE0WWtrZUZLd1IraTlXaEZIa1A5VTdWU3VtN2d0aWZQdG5Dajc5QVRNbHRTWkpVM24KYiswMWFPQk9VY1VJNTFEcHBrS1RBRXJZTUpyZHZZMFZaSTY5K0dHWC9nWXN0NWhuYUViWi8zNWI0dnF5VXN4YgpDa3lyTEJqMXRSZWY0MUU1eGcrZ3RmYmJheG9mcWRqdmo3VDRIMUNUZ0U2VTJxRTNqM2NVS2hlcmE3TWFaaHZTCktBN0g2anhSVnp1QnlqTnVHOUVTQmJoRkZyaGVCcWFpZEpZSnh3em14QVVjVkxGb1psZWlTa1RZWW0xQlBUQy8KK21LYmdxN1JjUWhBcVprWjZNTFYzRGJwOXNiNEpZTlk5ZXhnU1ovaExsbmw3R05LSkFJOHZaQnJBSmVBWVFrMgpTSlF5UG1WM2VONXZhUmpiYlVncHY2NUlUckJvMU8yemljNUZyME85NGV0UXdjfdkFzMnFyZmZLZ1JtK1BncjlCbjJuCkgyU2J1alFHRkg2Z3c4QmdqOWc0T0EwNkZBdEpIZXJhZlVLTjM1dG9WK0RoSnZ3dlk1UlBKYmdwM1k2VDJ1UUsKVDFiL3hQOWdxV3NFV2hLczBlMCtFb2lMb1ZrdVN1aDJmV0R6NlUramNUelFhZm1GUmwyQ3dobnRqNXphcHhRQgpXN3hmK2kwVnBhYndVS1lnUExQNWtxYjlpQnBmaFFJREFRQUJBb0lDQUNzb3ZJemZnSG11Zi9kTWNjMUZNbGRTCmpiMGVEZUdDN294NDdGQ25pd1QzR1VmTnFyaTRqeDJuazZQS0RQSVI5anUwc2ZhenREUHprRk5USzhsaW9lcUEKYWJzOTdVZTd2V2ZOSmlCcUh5U3Z5RjVmbVJGcVFHSUhWSE41R2ZlSjNBcnU0OWw0L2xxeGFBVm5NS05NdHRLMwpEZjZERU1JeEkzSmZQV2k2cVFTVkppRGV6SytveU5zV3ZBa08rZ3FIUDZYUHUzWEl1QnRSTEhzMTJRM2tBNHRXClNDSDdxNkkraHVXWk9BTmtxczRqT2JjdEoxWFVNeWloc1pWakhsSHdtMVhRYy9LVGtmWFFJeU1zZjM0OVhBT1YKd2NjdnR0NGdBM2phWndXUEw1TGFJS2tKMmwydEk5TmFIN0JpWVo2NFhVczFZR2R2UTcxMzBNbEV6dEFsemxPZQo5TTR0a3ZkRUxMY3Z5QnlFc1kzSmFPYldlL04vUlBrM3ZvbTRFUC9YRitkVG5JWFJPMG5MRFA1S3d6ajFDcHdiClJoN0pwNmRtZk9wQk1MS3RiNWlFS1VST1BqR0pUK2pLT1JoV2FUd280em1xajZFSHAxWjJjVWVaZHZab21RV00KYjc1eE5vSnlCS29vTEFhZmRHV08wQURSMW5iSzU2K1JwYkYwNy94SEhkV1IxU3VKRTZ2cHBrUTMzV09zTE1KYgpDbzE0MUFHKzVOUlBlNWJuNUtIOUtyZ3NKVE5QcGxoTmZxNUtHRSt4YitnZklINzFLdXhNZ0hhZkJwMk5nNDMyCmpHcjRaZkJKeS93OGNTMGpMV3J6QVBFdnoxWm1oSUVHTmVpT3M3OFFPNmVmZVQ0ZkNBb2h3N3FRdXIyM0s4WUIKVHlWRmRVYXE2M25kRnEza3FCR3RBb0lCQVFEWlBzODZTeUR3dkx0dGFMbGdwRTh6K1hneExSV1pSd1BDUSt5VgpBaEpLYWVoeHlhdkFQa3ArazVmMUVhQUw5ZzIwWkN6TUEzTjhpbXNFZTh6dmJyRHVSL3hCQ0lVR3BwbVFuRC9FCkNVUWs0VW42M3puTlpkSitoN2NuL2t5c2k3RDBvZDlvSGdZeEkzb2owVmhQTmtkd200R1NKOGx2WHJMN1JEL2YKY1hGS3J6SU9tZGtPSlkxRHlkdFJBUzc3Mk1LWFZVUnhhRloza2VQRkVUbG9xaXFnQklhS3QxZ3c5dVNydGtnOAplY1czTlZRREk1MjFRL3VOWVFhcUEyQUtHbUxYQzlDZzRHQ2Z4c2VhaUx4V2FFc2QrY09BenpvVTh2KzhuUFJvCnRWZEtQRWcvL2IwVEpBcnhoNFpRVk94b2dMVmJnVzJKb1k5Z3Nhc2xxWnBRYVJiTEFvSUJBUURNaGNCVkc4dk8KcXNtcXYycVYwKzI1MUtMdDVZMmhmVTVrM09PTnNJQVFsMWE3c0tPWTRlWGlWcEt6VDNKL2VtWmVMc1FtSG53MgpSZElYcWphVmpINWpOQURWOXRIc1FaMktBMHFWMkpPL1ZLN2ZRdGpWOFhJYUhoL2dJQVhYZXJTeUxkaDdyZEhwCmcreGZIYURCMWtLVW1aUjZNdEI4N2hsUTZuZ0JJNDkvN3hnSlJlVGVlZTJvajRzTjEwQUxWaTUxWHlOZlorRlYKUXU4RDJWUDZzc243MHF2ZW1wekxhUDcwWk5qMmVFUzdLSzhYRW03eDdTdHYwcHRabDduK0UrT3FaMWk0T1ZjRgo3VUNSQkNybURZV1lDTG1ham1SMDR6eUJlcHBKZlNSYkgzeTNtWEJlTndtbEZxbVF6NU5WTkRnL1lrY1BiTTRPCmFrQ1g3WlhQSDBqdkFvSUJBRmhaeC9OZ0xJUmJiU3BBeGV0OHgwMU83c2VwR3ppYi9mWmFvM095UlBnSWZHVVMKYkl3aGlUQlRIQ0NweTFveDlqN2Y0cXdSMXp6V0dsSFhlM0FBcDJvdzBuRXNZdFZpbWQrSy9BL2c2TnJLMk1oegpVbEdyVUdEdkZ0am4vZ3pLUHV3dWpPb09FOXlXSGcxRkRWSWh0QW9pNUI0cG1pMTE2UHB4Tmp6TUtSUURqaXNMCi9JOVpURXMrWTdoYzc5dXl1dWpLMzZ2emovN08wVUFMRWpyendhUVVVeGRGRzFQR2hSY2thZHBXZDhkYm85QW4KQXZOK00yYTdCL2ZLcVp0U1FkSk5Wc3FtbGdWRTFWYU90M0c0dHB2NVFMNDVDTmtPUGwxWnc3aDF6NHM4V3ZIVApZcnJQRkxoSHNxTW05b0pGbmZ3WjlnOWNLakJiOFV1KzN5aEdwT01DZ2dFQWVIemZad1JlR0IyemV2MFR2THJDCmxUUzQyNi9kdFdLTjJZdnNIdC81UWt6MkV0S29QbnZ1bzEzZlJQV3IvWC9OYVBUaUo1YlVGR0VqdVQ5VXN0dTIKNVppUVdYejBCTnhQQkN5V054c0ZSN1dLNUFxTWxkV05JK2ZWWFlOZ0RhYkRaeWp0SFVlMG4zNVJ0V05OL29QTQphNkRpd083SXRxREtsMG5hY3NsUlU4dzJlOWdLVWlyQW9Rb1hvSXJMdHlJSmNxb2V1NmtHTGVXbHk3MnY1TVNKCmkrcDd5RU9MMWFYQWRaZ24zV1BURWZPUTJ1WElLSXhSaDZvcVRTaStzUGxrcVZJRENWejJjSTVwK0VUZFJQUjQKWEszZk1qZHE1Uld0NHBXbzZWeHBHNm04SHFtdGNrTzRVZUs4K0l2aFAxUHBReVlSdVB1ZmxReHhpMCt6YnZiKwpUd0tDQVFBdHhVQVM4citBUDNVdWZpOUR2dWpJNXozK21XcVppTTVNeGc4T0pxMHFOUEU4VjZnZnJTc3BFZ0R0CkhXRjhUVU5vQVRXTENDYWsxdTlJbUJxaVBaTUg5V2ZSWGFMU29mckZKc1ZURnQrNVplVDZRTW5jMFJuQlpha0wKdkpNWDlyS2tiOThsZUlSZkN3emxuQlE4NElGTTQxZTBGMTUrODUzYUlpYnBCQUk3QkVmVHZKOEVnL20yMHcxSApyUFJQMWo2R1locGtBSW0yK1RWeDZERlkvSk82Sk0xaTB0ekh2N3ppaFNlamkwbHdCTUtKN00wVFJYejFkSmVSCjNHc0RsRDdtS3dMVmFCQktRMVV4aDF6WWJpYVV6VnN0MVMyV2R2dDEzZjg5SVY0TW1tdXEydjFVejRqZTdwREIKaEpJVHhSZXNnQ1RSMmFEMG5NekY4ZWdFS0pvWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
在准备中使用以下文件的内容来填充占位符:
${Base64 encoded CA}- 从准备步骤 1 获取 'ca.crt并运行 cat 'ca.crt| 'base64'-w0$ '{CLIENT_CERTIFICATE}- 从准备步骤 3 获取 'client.crt并运行 cat 'client.crt| 'base64'-w0$ '{CLIENT_PRIVATE_KEY}- 从准备步骤 3 获取 'client-key-pkcs8.pem并运行 cat 'client-key-pkcs8.pem| 'base64'-w0
例如:
"server": LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZVVENDQXprQ0ZESkM2Mm4rUWFaZWRyQjF4K0JCSzVQMmF0ZVZNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1HVXgKQ3pBSkJnTlZCQVlUQWtSRk1SSXdFQVlEVlFRSURBbFRkSFYwZEdkaGNuUXhFakFRQmdOVkJBY01DVk4wZFhSMApaMkZ5ZERFTU1Bb0dBMVVFQ2d3RFNVSk5NUXd3Q2dZRFZRUUxEQU5KUWsweEVqQVFCZ05WQkFNTUNXeHZZMkZzCmFHOXpkREFlRncweU1qQTRNVFV3T0RRMU1UQmFGdzB5TXpBNE1UVXdPRFExTVRCYU1HVXhDekFKQmdOVkJBWVQKQWtSRk1SSXdFQVlEVlFRSURBbFRkSFYwZEdkaGNuUXhFakFRQmdOVkJBY01DVk4wZFhSMFoyRnlkREVNTUFvRwpBMVVFQ2d3RFNVSk5NUXd3Q2dZRFZRUUxEQU5KUWsweEVqQVFCZ05WQkFNTUNXeHZZMkZzYUc5emREQ0NBaUl3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFKZFMyS3ZwMEo3ZGlXNytSbWh2ZFIxbjNNa0kKTXVnbldrQjJMM1RpNm1aNUZhcGhlQlZYS3EwV2RMRCt0Rm0ydFhXcUxmb09henFQSmpYSkVwR1BFNUk4Mk9nNwovNndMbmJla3RFRExpT2hleGZ0Smpkb0NtQ1RwMEhwWVhqV3RIMzl0cWdCTHNLVmZ6aEoySFByWlA1RUpDOHQ5CnVFdjQ2dzBaaVJ6d2tRYjdhZ3pZdWNpK0RFVXhjc2dvTHB6Z3R6VC9yWFlxOGlwNUhLb2ZQYyszSnBaeGRXZ00KSDE4MVFHalduZ1FRSXVrZTR0cXAyc3FjZTZWNkZLWktLTk9NeVZsczgvcEYrTlZzck1na2VZSFpzaUU1Um4wQgpiU2RXSTh1VWx6YjhoZnBxcXBNeDhhclYxNnRoT1JHZ0NrOVZ1RndiL0k4cVU3OVY0ZTVQcjB3SXgxTG9qV1BzCnUxM1Z3RnFka1c1TlVuV2lPNlBXN00yM0cvWVZUQ1Q1WFF5dC9XQWFOQmtSRlZ6SCtVV1o1ZTVsME1MTW5ibDkKWmc3ZFdBZWgxckNiTnIzS1NCa2MzdXJEQmtCelhJUXpiSWY3ZkUwT2Uxam9pVXlsRUk1dlVlK0g2K2JQcHFuawpQa3hKWW5ER3Y4QkVwWUZSRHg0emNQLzVtaGFQNHB2MHBTNGJaVjdrdExnQUVrUmxLT0M4blZ4YjBrdDJFMXZ2CjBLN2ZSZjc0OVdPdGM3cjdQQ2dvUXBNd21DNzNtZmhsaFRJVXk5VDB5UkJ6M1c5c0xqbFZ4ZVEzNHpnb2pmeXYKV2ZGRzcwZWxrZ3N3Zdjndfdk1lPL0JhaDNJYzBYa2NxQWhkRnhtbFJrYldwaVpPMXJKWk9OVnJWQ2RZZ0NtWEVTcTZyZwowRTA1RGF2eDlSZU9XcTZQQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBQ3hGNy9YV0NpMHdTa3VPCmJjRHhWQ2NEQVRPeEdlYzlNU1duaUw4ajlleFY3Wm1tWW1ETjVBUytiMERQd0ExMlBCL2FLMTh4S0MxQzV0T0YKNW1lY2VEL0dNKzZTY1RYS0EwajZidmh0amw3UmdUdStVbSsrVkFnbk13MnkrTEVVbVQwRG5qdy9zYWlXa1hEVgpMeGI3cytodWdQSTZra1lWNElHMVJjTHZCa2M5UkFyZWxLVlNqbVFOblZTYVZIcVg4NlpBeEl1eGR0RHdRcFh3CjJycStLM09qSCtSa0FXWGtHbGo3ZUNxZGNyYzVjRks3a1gvbTcxdGVSM0pQdWpLYmp0SlYxNzA4WTV4UUhPVjcKUGF3L3dvYXoycmRITkMwMXI4Z2pkODhvNXFoaURxd2JsNU1RVHNPb2N4MjdSYU4yUFV2QVg0SlpvS0NnMVVIUgo4TzZyNVhvZXNvY1pkRGhUYy9xU3J3YU42VGxDb2JhKzhJSjZqSE9KMW9DWjA5ZHJUS29RdEJyVlFlYnhMY2dOCjMyWEpKd01ub2RyS3hqN0tLdnNTaDNGV0ZYQU82UlJGUGV6M2hSSU9PTU56dk5mejdpb0xaeHppWis2TWYyVzYKSHBrdlg2QjNzcnh5SGN1M3hOb0VpOS81V255UlJHZ2hMZzcrc0VpbllkaURmWk52b1RUY0xYUDZPVmxCQWl4bgpzTWN3anVIeUdVc2RaTTZlSTJ5UUF1TVBaQ3NZRWRXVDFmMjN4ZWhjUWpnL0dFSml2d3VVbEFjK3VuNTAzOVNnCjRrQWNCZFZQc3FXV0o2dXZQS01zWUFZdGRWUkdNZ1FHY1VvbE1YNCtTcENoUzRkcEZhOG4xNlUvdE9vVEpqSSsKSU1ncEt3Z0VWRGpubFAzcXB0T2xrUm9wallWVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t,
"cert": LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNZVENDQVVtZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREJBTVFzd0NRWURWUVFHRXdKVlV6RVkKTUJZR0ExVUVDZ3dQVW5ONWMyeHZaeUJVWlhOMElFTkJNUmN3RlFZRFZRUUREQTVqWVM1bGVHRnRjR3hsTG05eQpaekFlRncweU1qRXdNVEl4TmpFMU1qZGFGdzB6TWpFd01Ea3hOakUxTWpkYU1Cb3hHREFXQmdOVkJBTVREMFJGClUwdFVUMUF0T0RsTE9Fd3lSREJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRnc0QWFhQ1hESE8Ka0hGVTBJNHM3RUYweFQvYk1aZTUxbGFCVDcyL1VPcm9aVEZncEtFSDJWTzdQampQU3dZUDdCL1JreWhlUm1acwp0V0ZnK09qV3NFK2pWekJWTUE4R0ExVWRFd0VCL3dRRk1BTUJBUUF3RGdZRFZSMFBBUUgvQkFRREFnR0lNQllHCkExVWRKUUVCL3dRTU1Bb0dDQ3NHQVFVRkJ3TUJNQm9HQTFVZEVRUVRNQkdDRDBSRlUwdFVUMUF0T0RsTE9Fd3kKUkRBTkJna3Foa2lHOXcwQkFRc0ZBereojoQU9DQVFFQXRLYzViN2wxNWY4Z1hKZXA2SjRvS2dLWWI0YTlJeWZNMnNGUgppYmprMmFKSkExYkJzMkRNbHZNbTlhVHFVNStFeURSUDNEVEd3bG8vNUlKYmVQV290Y2pwN21reklyN3lhcFlTCld5SVRtMnhQZTdQd2MxVk5GNWhmQ2NsSTI1OEFPbW1ZQUxDZWx0YmJCQUd1WDRrMzZSWlF6YjRIK3BkVmI2NXAKTkxLYVYvaGtxUy9DZ1AwbkdXWEc1UExCeFJ3dTN5Y0hXeFgzRTdGc1JXMUsxZC9oczdrMHdoaE1adndZSHZnegpYVWZ0Q2RrYkp0R3l0YlNxa2NvcjVtZDRSbTBuelpPdVVaY1phVTRXUnNLc0ZUY2lsZ1VlOVlYZkFUNUdpZ3lqClllRGJZTXhQWWFSS1QzR01ybUowOW9rY0VIaTdqRjNhWVoxU2s4b2c0VEJWV2YvYlpBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==,
"key": LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1NQTkc0Z0U0TVREQm5lMXIKa0VPQldFM0NGa0NuS2lXVXQ5T3FTcVJHa3ZTaFJBTkNBQVJjT0FHbWdsd3h6cEJ4Vk5DT0xPeEJkTVUvMnpHWkdfkdAp1ZFpXZ1UrOXYxRHE2R1V4WUtTaEI5bFR1ejQ0ejBzR0Qrd2YwWk1vWGtabWJMVmhZUGpvMXJCUAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
服务器设置
可以通过多种方法来设置兼容的服务器端点。 以下示例显示了 rsyslog 服务器的简单设置。
-
安装所需的服务器软件包 (示例显示 Ubuntu)。
apt-get install rsyslog rsyslog-gnutls
-
从准备步骤中获取证书和密钥。
ca.crt
-从步骤 1,复制到/certs/ca.crt
server.crt
-从步骤 2,复制到/certs/server.crt
server-key.pem
-从步骤 2,复制到/certs/server-key.pem
-
在
/etc/rsyslog.d/server.conf
文件中配置 rsyslog 服务器。# output to journal module(load="omjournal") template(name="journal" type="list") { # can add other metadata here property(outname="PRIORITY" name="pri") property(outname="SYSLOG_FACILITY" name="syslogfacility") property(outname="SYSLOG_IDENTIFIER" name="app-name") property(outname="HOSTNAME" name="hostname") property(outname="MESSAGE" name="msg") } ruleset(name="journal-output") { action(type="omjournal" template="journal") } # make gtls driver the default and set certificate files $DefaultNetstreamDriver "gtls" $DefaultNetstreamDriverCAFile /certs/ca.crt $DefaultNetstreamDriverCertFile /certs/server.crt $DefaultNetstreamDriverKeyFile /certs/server-key.pem # load TCP listener module( load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1" StreamDriver.Authmode="x509/certvalid" ) # start up listener at port ${PORT} input( type="imtcp" port="${PORT}" ruleset="journal-output" )
确保填写
${PORT}
占位符。 它必须与合同中的${PORT}
设置匹配。示例配置会将接收到的日志记录到其自己的日志中。 在生产设置中,您可能希望将日志转发到数据库,但这不在本文档的范围内。
gnutls
软件包为客户机证书提供 对签名的要求。 一定要和他们见面在此配置中,我们接受由认证中心通过
x509/certvalid
方式签署的任何客户机证书。 这可能根据StreamDriver.Authmode
设置而更改。 请参阅 StreamDriver。Authmode。 -
重新启动系统日志服务。
service syslog restart