To enable NSP application-log forwarding to a syslog server, you must configure the parameters in the nsp—modules—logging—forwarding—applicationLogs—syslog section of the NSP configuration file.

Note: A syslog server address can be an IPv4 or IPv6 address, or a hostname or FQDN that the local NSP cluster and the NFM-P can resolve.

To secure the application-log forwarding, you must generate a TLS certificate on the syslog server and transfer the certificate to the caCertPath location that you specify in the trustedCertificates (tls—trustedCertificates) section of the NSP configuration file. During initialization, the NSP imports the certificate to the local trust store.

For example:

========================================

tls:

   trustedCertificates: []

        # - /path/to/cert-example-1.pem

        # - /path/to/cert-example-2.pem

========================================

“What is the syslog record format for NSP application log forwarding?” in the NSP System Administrator Guide describes the NSP application log record format.

In order to add certificates to the nsp-trust-bundle, you add certificates for secure mail, LDAP, nfmt or other custom certificates to the trusted certificates list.

During or after NSP installation, you can add the LDAP and secure email server trust certificates by configuring the following parameters in the nsp—deployment—tls—trustedCertificates section of the NSP configuration file:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

Example:

nsp:

  deployment:

    tls:

      trustedCertificates: ["/trust-cert-path/ldap-cert.pem", "/trust-cert-path/sec-email-cert.crt"]

Enter the following to apply the certificates on the NSP deployer host:

# /opt/nsp/NSP-CN-DEP-release-ID/bin/nspdeployerctl install --config --deploy ↵

When the installation is complete, restart the nspos-keycloak pod.