azure-local/manage/manage-syslog-forwarding.md
+9 -8 Lines changed: 9 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: alkohli
5
5
ms.author: alkohli
6
6
ms.topic: how-to
7
7
ms.service: azure-stack-hci
8
-
ms.date: 11/07/2024
8
+
ms.date: 11/16/2024
9
9
---
10
10
11
11
# Manage syslog forwarding for Azure Local
@@ -24,13 +24,14 @@ Syslog forwarding agents work independently from each other but can be managed a
24
24
25
25
The syslog forwarder in Azure Local supports the following configurations:
26
26
27
-
-**Syslog forwarding with TCP, mutual authentication (client and server), and TLS 1.2 encryption:** In this configuration, both the syslog server and the syslog client verify the identity of each other via certificates. Messages are sent over a TLS 1.2 encrypted channel. For more information, see [Syslog forwarding with TCP, mutual authentication (client and server), and TLS 1.2 encryption](#syslog-forwarding-with-tcp-mutual-authentication-client-and-server-and-tls-12-encryption).
28
-
-**Syslog forwarding with TCP, server authentication, and TLS 1.2 encryption:** In this configuration, the syslog client verifies the identity of the syslog server via a certificate. Messages are sent over a TLS 1.2 encrypted channel. For more information, see [Syslog forwarding with TCP, server authentication, and TLS 1.2 encryption](#syslog-forwarding-with-tcp-server-authentication-and-tls-12-encryption).
27
+
-**Syslog forwarding with TCP, mutual authentication (client and server), and TLS encryption:** In this configuration, both the syslog server and the syslog client verify the identity of each other via certificates. Messages are sent over a TLS encrypted channel. For more information, see [Syslog forwarding with TCP, mutual authentication (client and server), and TLS encryption](#syslog-forwarding-with-tcp-mutual-authentication-client-and-server-and-tls-encryption).
28
+
-**Syslog forwarding with TCP, server authentication, and TLS encryption:** In this configuration, the syslog client verifies the identity of the syslog server via a certificate. Messages are sent over a TLS encrypted channel. For more information, see [Syslog forwarding with TCP, server authentication, and TLS encryption](#syslog-forwarding-with-tcp-server-authentication-and-tls-encryption).
29
29
-**Syslog forwarding with TCP and no encryption:** In this configuration, the syslog client and syslog server identities aren’t verified. Messages are sent in clear text over TCP. For more information, see [Syslog forwarding with TCP and no encryption](#syslog-forwarding-with-tcp-and-no-encryption).
30
30
-**Syslog with UDP and no encryption:** In this configuration, the syslog client and syslog server identities aren’t verified. Messages are sent in clear text over UDP. For more information, see [Syslog forwarding with UDP and no encryption](#syslog-forwarding-with-udp-and-no-encryption).
31
31
32
32
>[!IMPORTANT]
33
33
> To protect against man-in-the-middle attacks and eavesdropping of messages, Microsoft strongly recommends that you use TCP with authentication and encryption in production environments.
34
+
> TLS encryption version depends on the handshake between the endpoints. Both, TLS 1.2 and TLS 1.3, are supported by default.
34
35
35
36
### Cmdlets to configure syslog forwarding
36
37
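Review bot: The added line in the [!IMPORTANT] block says TLS 1.2 and TLS 1.3 are "supported by default" but does not say whether anything below TLS 1.2 can be negotiated, and the two bullets above it no longer name a version at all. Because this page is the guidance for securing log transport, state the minimum version the forwarder accepts, or say explicitly that TLS 1.2 is the floor. Two smaller points on the same line: drop the comma after "Both", and put an empty ">" line between it and the man-in-the-middle recommendation so it renders as its own paragraph instead of running into the previous sentence.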
@@ -60,16 +61,16 @@ The following table provides parameters for the `Set-AzSSyslogForwarder` cmdlet:
60
61
|OutputSeverity |Level of output logging. Values are Default or Verbose. Default includes severity levels: warning, critical, or error. Verbose includes all severity levels: verbose, informational, warning, critical, or error. |String |No |
61
62
|Remove |Remove current syslog forwarder configuration and stop syslog forwarder. |Flag |No |
62
63
63
-
### Syslog forwarding with TCP, mutual authentication (client and server), and TLS 1.2 encryption
64
+
### Syslog forwarding with TCP, mutual authentication (client and server), and TLS encryption
64
65
65
-
In this configuration, the syslog client in Azure Local forwards messages to the syslog server over TCP with TLS 1.2 encryption. During the initial handshake, the client verifies that the server provides a valid, trusted certificate. The client also provides a certificate to the server as proof of its identity.
66
+
In this configuration, the syslog client in Azure Local forwards messages to the syslog server over TCP with TLS encryption. During the initial handshake, the client verifies that the server provides a valid, trusted certificate. The client also provides a certificate to the server as proof of its identity.
66
67
67
68
This configuration is the most secure as it provides full validation of the identity of both the client and the server, and it sends messages over an encrypted channel.
68
69
69
70
> [!IMPORTANT]
70
71
> Microsoft recommends that you use this configuration for production environments.
71
72
72
-
To configure syslog forwarder with TCP, mutual authentication, and TLS 1.2 encryption, configure the server and provide certificate to the client to authenticate against the server.
73
+
To configure syslog forwarder with TCP, mutual authentication, and TLS encryption, configure the server and provide certificate to the client to authenticate against the server.
73
74
74
75
Run the following cmdlet against a physical host:
75
76
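Review bot: Renaming the heading to end in "and TLS encryption" changes its generated anchor, and the only link updates visible in this diff are the ones inside this file. Check other articles for links to the old #syslog-forwarding-with-tcp-mutual-authentication-client-and-server-and-tls-12-encryption anchor before merging, or they will land at the top of the page. While the sentence beginning "To configure syslog forwarder" is being edited anyway, "provide certificate to the client" needs an article ("provide a certificate to the client").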
@@ -80,9 +81,9 @@ Set-AzSSyslogForwarder -ServerName <FQDN or IP address of syslog server> -Server
80
81
> [!IMPORTANT]
81
82
> The client certificate must contain a private key. If the client certificate is signed using a self-signed root certificate, you must import the root certificate as well.
82
83
83
-
### Syslog forwarding with TCP, server authentication, and TLS 1.2 encryption
84
+
### Syslog forwarding with TCP, server authentication, and TLS encryption
84
85
85
-
In this configuration, the syslog forwarder in Azure Local forwards the messages to the syslog server over TCP with TLS 1.2 encryption. During the initial handshake, the client also verifies that the server provides a valid, trusted certificate.
86
+
In this configuration, the syslog forwarder in Azure Local forwards the messages to the syslog server over TCP with TLS encryption. During the initial handshake, the client also verifies that the server provides a valid, trusted certificate.
86
87
87
88
This configuration prevents the client from sending messages to untrusted destinations. TCP using authentication and encryption is the default configuration and represents the minimum level of security that Microsoft recommends for a production environment.
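Review bot: In the rewritten paragraph, "the client also verifies that the server provides a valid, trusted certificate" keeps an "also" that only makes sense in the mutual-authentication section; here the server certificate check is the only verification, so drop "also" and consider adding that the client is not authenticated to the server in this mode. The heading rename has the same anchor concern as the mutual-authentication heading: look for inbound links to the old "-and-tls-12-encryption" anchor.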