rsyslog when using mgmt vrf

Hi all,

Anyone have any guidance or pointers on using rsyslog in conjunction with mgmt-vrf?  Cumulus 3.1.2 running, using the mgmt-vrf function.  Trying to get syslog off to a syslog server in the OOB MGMT network working, and I think it may have to do with interaction with mgmt-vrf.  I tried following similar documentation around NTP etc, of stopping the service and restarting with rsyslog@mgmt for example, but it seemed to barf about that.  Searched around in the documentation and couldn't find documentation, caveats, or anything regarding syslog where the syslog server is in OOB MGMT and mgmt vrf is used.

Thanks,

Will

Will McLendon


Posted 1 year ago


David Ahern, Employee

Hi Will:

Unfortunately, rsyslog cannot be run as a VRF instance, so systemctl with rsyslog@mgmt will not work. We added an option to rsyslog for its output plugins to work with VRFs (https://github.com/rsyslog/rsyslog/commit/19e5d06f6637d7b39284edf08ce0b5ec02084ea6). It will be available in our next release along with an example of how to use it and a documentation update.

David 

Will McLendon

Hello,

Thank you for the response -- is this addressed in the new 3.2 release, or in the next expected version?

Thanks,

Will

David Ahern, Employee

Yes, it is.  After upgrading to 3.2, you can configure rsyslog to send messages to a remote address in a VRF using:

action(type="omfwd" Target="hostname or ip here" Device="mgmt" Port=514 Protocol="udp")

Add that line to /etc/rsyslog.conf or to a file under /etc/rsyslog.d. Set the Target string to the address of the remote system.

Will McLendon

Thanks David.  I will give this a go this week.

Will McLendon

Finally got around to testing this, and one syntax issue with your post.  You need quotes around the port number as well, so it would be:

action(type="omfwd" Target="hostname or ip here" Device="mgmt" Port="514" Protocol="udp")

Seems to be working like a champ now on the one unit I've applied it to.  Now to get it added to our Ansible provisioning!

David Ahern, Employee

Indeed. Not sure how I dropped the quotes. Thank you for letting me know; I'll update the docs and the example shipped with the rsyslog package.
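An added example, not part of the thread and not Cumulus or rsyslog project code: a Python pre-deployment check (for instance, run from provisioning) that flags omfwd actions with unquoted parameter values, the issue found above, or with a Device other than the management VRF. The function names and the 192.0.2.10 target are assumptions made for illustration.

```python
import re

# One action(...) object; quoted strings are consumed whole so a ")" inside
# a value does not end the match early.
ACTION_RE = re.compile(r'\baction\s*\(((?:"(?:[^"\\]|\\.)*"|[^")])*)\)', re.I)
# One name=value pair; the value is a quoted string or a bare token.
PARAM_RE = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s")]+)')

# Constructed samples: the first form posted in the thread (Port unquoted),
# the corrected form, and a forwarder with no Device at all.
FIRST_POSTED = 'action(type="omfwd" Target="192.0.2.10" Device="mgmt" Port=514 Protocol="udp")'
CORRECTED = 'action(type="omfwd" Target="192.0.2.10" Device="mgmt" Port="514" Protocol="udp")'
NO_DEVICE = 'action(type="omfwd" Target="192.0.2.10" Port="514" Protocol="udp")'


def parse_actions(conf_text):
    """Return one dict per action(), mapping lowercased name -> raw value."""
    # Drop full-line comments so commented-out actions are not linted.
    body = "\n".join(l for l in conf_text.splitlines()
                     if not l.lstrip().startswith("#"))
    return [{k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
            for m in ACTION_RE.finditer(body)]


def lint_omfwd(conf_text, vrf="mgmt"):
    """List problems in omfwd actions: unquoted values, wrong or missing Device."""
    findings = []
    for n, params in enumerate(parse_actions(conf_text), 1):
        if params.get("type", "").strip('"').lower() != "omfwd":
            continue  # only remote-forwarding actions are of interest here
        for name, raw in params.items():
            if not raw.startswith('"'):
                findings.append(f"action {n}: {name}={raw} is not quoted")
        if params.get("device", "").strip('"') != vrf:
            findings.append(f"action {n}: Device is missing or not {vrf!r}")
    return findings


if __name__ == "__main__":
    for label, conf in [("first posted", FIRST_POSTED),
                        ("corrected", CORRECTED),
                        ("no Device", NO_DEVICE)]:
        print(label, "->", lint_omfwd(conf) or "ok")
```

This only catches the two problems discussed in the thread; `rsyslogd -N1` on the switch remains the full configuration check.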