====== Encrypted syslog server setting ======

===== Name =====

    syslogs

===== Details =====

^ Type                | [[:cfgtype:string|String]]            |
^ DHCP option number  | 175.85                                |
^ ISC dhcpd syntax    | ''option ipxe.syslogs''               |

===== Examples =====

=== Display the encrypted syslogs server ===

    iPXE> show syslogs
    net0.dhcp/syslogs:string = syslog.example.com

=== Set the encrypted syslog server manually ===

    iPXE> set syslogs syslog.example.com

=== Configure the syslog server in ISC dhcpd ===

    # in /etc/dhcpd.conf
    option space ipxe;
    option ipxe-encap-opts code 175 = encapsulate ipxe;
    option ipxe.syslogs code 85 = string;
    
    option ipxe.syslogs "syslog.example.com";

===== Description =====

Specifies the encrypted syslog server address used for recording iPXE output to a remote logfile.

===== See also =====

  * ''[[:cfg:syslog]]''
  * [[:console|Console configuration]] in iPXE
  * [[:cfg|List of all iPXE settings]]

===== Build options =====

This setting is available only when the build option ''[[:buildcfg:CONSOLE_SYSLOGS]]'' is enabled.

===== Notes =====

The encrypted syslog server name must exactly match the name in the TLS certificate presented by the server.

It make take a short time for the connection to the encrypted syslog server to be established.  During this time, any log messages will be lost.  You may therefore wish to use the ''[[:cmd:sync]]'' command to wait for the connection attempt to complete.  For example:

    #!ipxe
    
    set syslogs syslog.example.com
    sync
    chain ${filename}  # Continue with boot

There is no way to detect whether or not the connection to the encrypted syslog server was successful.

Using an encrypted syslog server is more secure than using a standard unencrypted syslog server, but may be less reliable since there are several circumstances in which messages may be lost.