Encrypted syslog server setting

Name

  syslogs

Details

Type String
DHCP option number 175.85
ISC dhcpd syntax option ipxe.syslogs

Examples

Display the encrypted syslogs server

  iPXE> show syslogs
  net0.dhcp/syslogs:string = syslog.example.com

Set the encrypted syslog server manually

  iPXE> set syslogs syslog.example.com

Configure the syslog server in ISC dhcpd

  # in /etc/dhcpd.conf
  option space ipxe;
  option ipxe-encap-opts code 175 = encapsulate ipxe;
  option ipxe.syslogs code 85 = string;
  
  option ipxe.syslogs "syslog.example.com";

Description

Specifies the encrypted syslog server address used for recording iPXE output to a remote logfile.

See also

Build options

This setting is available only when the build option CONSOLE_SYSLOGS is enabled.

Notes

The encrypted syslog server name must exactly match the name in the TLS certificate presented by the server.

It make take a short time for the connection to the encrypted syslog server to be established. During this time, any log messages will be lost. You may therefore wish to use the sync command to wait for the connection attempt to complete. For example:

  #!ipxe
  
  set syslogs syslog.example.com
  sync
  chain ${filename}  # Continue with boot

There is no way to detect whether or not the connection to the encrypted syslog server was successful.

Using an encrypted syslog server is more secure than using a standard unencrypted syslog server, but may be less reliable since there are several circumstances in which messages may be lost.

cfg/syslogs.txt ยท Last modified: 2012/06/09 18:29 by mcb30
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL https://ipxe.org
References to "iPXE" may not be altered or removed.