NSP application log forwarding to Elasticsearch

Description

NSP application log forwarding to a remote Elasticsearch server is disabled by default. To enable NSP application-log forwarding to an Elasticsearch server, you configure the parameters in the nsp—modules—logging—forwarding—applicationLogs—elasticsearch section of the NSP configuration file.

Activation and security

In order to activate Elasticsearch application-log forwarding, you must copy the required TLS certificate files from the Elasticsearch server to the following location on the NSP deployer host:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tls/fluent

If mTLS is enabled on the internal NSP interface, the following TLS files are required for the mutual authentication:

• root CA certificate

• client certificate

• client key

If basic TLS is enabled on the internal NSP interface, the root CA certificate file is mandatory, and the client files are optional.

The files transferred to the NSP deployer host must be named as follows:

• root CA certificate file—ca_cert.pem

• client certificate file—client_cert.pem

• client key file—client.key

During initialization, the NSP imports the required TLS certificates to the local trust store.