Sending logs to an external security information and event management (SIEM)

Information to forward the logs generated to the Audit Store and SIEM.

This is an optional step.

The Protegrity infrastructure provides a robust setup for logging and analyzing the logs generated. It might be possible that an existing infrastructure is available for collating and analyzing logs.

In the default setup, the logs are sent from the protectors directly to the Audit Store using the Log Forwarder on the protector. Use the configuration provided in this section to send the logs to the Audit Store and the external SIEM.

Prerequisites

Ensure that the following prerequisites are met:

  • The external SIEM is accessible.
  • The required ports are open on the external SIEM.
  • The certificates for accessing the external SIEM are available.
  • Prepare the CA.pem, client.pem, and client.key certificate content using the following steps:

    1. Navigate to the directory where the certificates from the SIEM are stored.

    2. Run the following command to obtain the CA certificate file content.

      awk '{printf "%s\\n", $0}' <CA_certificate_file>

      Example:

      awk '{printf "%s\\n", $0}' CA.pem

    3. Run the following command to obtain the client certificate content.

      awk '{printf "%s\\n", $0}' <client_certificate_file>

      Example:

      awk '{printf "%s\\n", $0}' client.pem

    4. Run the following command to obtain the client key content.

      awk '{printf "%s\\n", $0}' <client_key_file>

      Example:

      awk '{printf "%s\\n", $0}' client.key
  • Update the configuration on the protectors.

Updating the protector configuration

Configure the protector to send the logs to the fluentd. The fluentd in turn forwards the logs received to the Audit Store and the external location.

  1. Log in and open a CLI on the protector machine.

  2. Back up the existing files.

    1. Navigate to the config.d directory using the following command.

      cd /opt/protegrity/logforwarder/data/config.d

    2. Back up the existing out.conf file using the following command.

      cp out.conf out.conf_backup

    3. Back up the existing upstream.cfg file using the following command.

      cp upstream.cfg upstream.cfg_backup

  3. Update the out.conf file for specifying the logs that must be forwarded to the Audit Store.

    1. Navigate to the /opt/protegrity/logforwarder/data/config.d directory.

    2. Open the out.conf file using a text editor.

    3. Update the file contents with the following code.

      Update the code blocks for all the options with the following information:

      • Update the Name parameter from opensearch to forward.

      • Delete the following Index, Type, and Time_Key parameters:

            Index pty_insight_audit
    Type  _doc
    Time_Key ingest_time_utc

      • Delete the Supress_Type_Name and Buffer_Size parameters:

            Suppress_Type_Name on
    Buffer_Size false

      The updated extract of the code is shown here.

      [OUTPUT]
 Name forward
 Match logdata
 Retry_Limit False
 Upstream /opt/protegrity/logforwarder/data/config.d/upstream.cfg
 storage.total_limit_size 256M
 net.max_worker_connections 1
 net.keepalive off
 Workers 1

[OUTPUT]
 Name forward
 Match flulog
 Retry_Limit no_retries
 Upstream /opt/protegrity/logforwarder/data/config.d/upstream.cfg
 storage.total_limit_size 256M
 net.max_worker_connections 1
 net.keepalive off
 Workers 1

      Ensure that the file does not have any trailing spaces or line breaks at the end of the file.

    4. Save and close the file.

  4. Update the upstream.cfg file for forwarding the logs to the Audit Store.

    1. Navigate to the /opt/protegrity/logforwarder/data/config.d directory.

    2. Open the upstream.cfg file using a text editor.

    3. Update the file contents with the following code.

      Update the code blocks for all the nodes with the following information:

      • Update the Port to 24284.

      • Delete the Pipeline, tls, and tls.verify parameters:

            Pipeline   logs_pipeline
    tls        on
    tls.verify off

      The updated extract of the code is shown here.

      
[UPSTREAM]
    Name       pty-insight-balancing

[NODE]
    Name       node-1
    Host       <PPC FQDN>
    Port       24284

      The was configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. The code shows information updated for one node. For multiple nodes, update the information for all the nodes.

      Ensure that there are no trailing spaces or line breaks at the end of the file.

    4. Save and close the file.

  5. Restart logforwarder on the protector using the following commands.

    /opt/protegrity/logforwarder/bin/logforwarderctrl stop
/opt/protegrity/logforwarder/bin/logforwarderctrl start

  6. If required, complete the configurations on the remaining protector machines.

  7. Update the fluentd configuration to send logs to the external location using the information from syslog commands or fluentd commands.

syslog commands

The commands provided here are used for sending logs to the Audit Store, retaining the default storage location, and an external syslog SIEM.

Viewing the current configuration

The command to view the log forwarding configurations.

insight list syslog

Verifying connectivity

The command to verify that the external syslog SIEM is accessible.

insight test syslog --host <syslog_address> --port <syslog_port>

Example:

insight test syslog --host 192.168.1.100 --port 6514

Forwarding logs to the syslog server

The command to forward logs to the syslog server.

insight configure syslog --host <syslog_address> --port <syslog_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>"

Example:

insight configure syslog --host 192.168.1.110 --port 6514 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n"

insight configure syslog --host <syslog_address> --port <syslog_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>" --troubleshooting_log True

Example:

insight configure syslog --host 192.168.1.110 --port 6514 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n" --troubleshooting_log True

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.

Configuring the syslog that receives the logs

The logs forwarded to the SIEM are captured by syslog on the SIEM. Ensure that the syslog on the SIEM is configured to send the logs to the required location, such as, a file or another system. For more information about the forwarding logs to various systems, refer to the rsyslog documentation.

Updating the log forwarding configuration

The command to update the logs forwarding settings to the syslog server.

insight update syslog --host <syslog_address> --port <syslog_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>"

Example:

insight update syslog --host 192.168.1.110 --port 6514 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n"

insight update syslog --host <syslog_address> --port <syslog_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>" --troubleshooting_log True

Example:

insight update syslog --host 192.168.1.110 --port 6514 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n" --troubleshooting_log True

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.

Removing the log forwarding settings

The command stops external SIEM log forwarding, removes the associated configuration, and deletes the certificate-related secrets.

insight delete syslog

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.

fluentd commands

The commands provided here are used for sending logs to the Audit Store, retaining the default storage location, and an external fluentd SIEM.

Viewing the current configuration

The command to view the log forwarding configurations.

insight list fluentd

Verifying connectivity

The command to verify that the external fluentd SIEM is accessible.

insight test fluentd --host <fluentd_address> --port <fluentd_port>

Example:

insight test fluentd --host 192.168.1.100 --port 24284

Forwarding logs to the fluentd server

The command to forward logs to the fluentd server.

insight configure fluentd --host <fluentd_address> --port <fluentd_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>"

Example:

insight configure fluentd --host 192.168.1.110 --port 24284 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n"

insight configure fluentd --host <fluentd_IP_address> --port <fluentd_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>" --troubleshooting_log True

Example:

insight configure fluentd --host 192.168.1.110 --port 24284 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n" --troubleshooting_log True

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.

Configuring the fluentd that receives the logs

The logs forwarded to the SIEM are captured by fluentd on the SIEM. Ensure that the fluentd on the SIEM is configured to send the logs to the required location, such as, a file or another system. The steps provided here store the logs to a file. For more information about the forwarding logs to various systems, refer to the Fluentd documentation.

To configure the external fluentd:

  1. Log in to the external fluentd.
  2. Create a directory for storing the logs.
mkdir fluentd
  1. Update the required permissions for the directory.

For example:

chown -R td-agent:td-agent fluentd
chmod -R 755 fluentd
  1. Open the output configuration using a text edition. The file might be in one of the following locations.
  • /etc/fluent/
  • /etc/td-agent/conf.d/
  • /fluentd/etc/

  1. Optional: Update the code to forward the protector logs to the existing location.

    1. Locate the match tag in the file.
    2. Add the logdata flulog code to the tag to forward the protector logs.
    <match logdata flulog>

  2. Add a match tag with the configuration to the required location. This example sends the logs to a file on the external SIEM. A sample code is provided here. Customize and use the code for your system.

<match kubernetes.**>
  @type copy

  <store>
   @type file
   @log_level info

   # MUST include ${tag}
   path /fluentd/log/out/audit.${tag}
   append true

   <format>
     @type json
   </format>

   # MUST include tag because we used ${tag} above
   <buffer tag,time>
     @type file
     path /fluentd/log/buffer/file_out

     timekey 1m
     timekey_wait 10s

     flush_mode interval
     flush_interval 10s
     flush_thread_count 2

     retry_forever true
     retry_type periodic
     retry_wait 5s
   </buffer>
  </store>

  # keep your existing label routing behavior (optional but usually intended)

</match>
  1. Save and close the file.
  2. Restart the fluentd service.

Updating the log forwarding configuration

The command to update the logs forwarding settings to the syslog server.

insight update fluentd --host <fluentd_IP_address> --port <fluentd_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>"

Example:

insight update fluentd --host 192.168.1.110 --port 24284 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n"

insight update fluentd --host <fluentd_IP_address> --port <fluentd_port> --ca_content "<ca.crt_content>"  --cert_content "<client.crt_content>" --key_content "<client.key_content>" --troubleshooting_log True

Example:

insight update fluentd --host 192.168.1.110 --port 24284 --ca_content "-----BEGIN CERTIFICATE-----\nMIIFmDCCA4CgAwIBAgIIWF8OX+P4jAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWklTbkdKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MFowVzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVncml0eSBSb290IENBIC0gWklTbkdK\nRE5tekdPdGEyQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6nK47Y\n/hs1nBnHxg2/S6ieL/JH9H6M9321qHaSIbqAS2KBy2iNDoy3EhKvHXOgd4TgWc7+\nMGiREDK9QsOZ1UKFn5p5cXt0lkGsRSVB5sh2GurGxCtKEwtXlK8OGAWhz46dmjEr\nT02SH7H6WQA+Zh8+OTdzjpo/aujdI6pGVslSY/ulFcqQF16U7aRTmobPpdSZuFWN\nuBcoAXLhDBLutCWQaYSodksRha6I6olrlSditoHHGOnMWC6S4/+NT1XtSvBEIhVn\nMDRym6UKLNlhR+bb3lyGK5HgA2frXduNIL244z931Ii+JAnvpIsZrQ9k1UghG0L7\n3zLTMSCf1y3yWKhXWnPcN41zWeqiF+gk0zFoIQiaDPjhqNyjzTheXX8YqiTf226E\nxTg1Xrac3LF5Ju+3gCioUzpOo3WbphDmZfDTMBj0cWn7GszLkiNd/AX5bLf/+OdJ\n9KaZSOQcit4A9bxERWFS0vT8aGfN43mUFXrpKLmpltZkmtt4XloEeGndZbHF60hy\n+nRzJVNs9B63xP9+NdpWgvoiRVOBKB04XVcNC6nMCMwYjJRLmBzQQ9PT3dQ2dnpj\nj0TuU/44bj5S5t6aVvEOeKanHHeVqRQm8Kzt4WfDvjp1ASOkApvA5+Xs+DpcKbWH\nMCAZDQpi2vWu8d+c569FvN4e0SbP0qM26NgvAgMBAAGjZjBkMBIGA1UdEwEB/wQI\nMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSnfq6PGf8AwEL9XGyQ\nM1I6087OzjAfBgNVHSMEGDAWgBSnfq6PGf8AwEL9XGyQM1I6087OzjANBgkqhkiG\n9w0BAQsFAAOCAgEALXZZNaa60cpYNFEXgr780IqKUdZa995OvRUs1dCYd4WqzzJD\nVad8Z48GJX3/u/XAk2UM+mUSGaFowqhek58YX0b24O0PG+y3O0XT0EX/+80Fu+Kt\nkPSbiaPyeYxGqEjwed/Y9X5AJig68NA/FRcT5dq2sWA8hcej8Ghm6D3gu9PdBWpk\nRstITsdaSfx6N+avJ0keGMHqLDLSr948XbehRHH9FnvkPfDtkwKzNwhYmeB6/c+v\nal/JLfPy6VWi3fK37XmuhSh2aZ/vsjT7sxvfFTndUVBeumvCS4wW+bByxpC5XBHW\nB1TrPCczqaDqDD/ib1YCLfY6Qgi8IINEsDDkDgpevW2JxSjTywGGYea4J3M5oOdg\nNhjNWt00H/rugEzkB9hP4po9QHSFX5qWgzT/ws01mOcaOr4UQ8msSyVZmfpJkdHy\nx4n4jhvdlsQKhKM7OmpuXGIA7r/lqU5WDQl1Erj/6cNeWp4vx+606mvbjpzk2Lcp\ni0wBnz27jvN4Xvw+zBMzMBMm5iPwKDMKUyo3q87DFC6lBvBwF0kbPom+yLhHH/rF\n0hr21PATUrHHutFebZ3ZqZwusiKKOoD6fpQrF2mwnVGHQPwTUamSFKQZsf9jw3ic\n4zY2nruXc0OSWS2gf1FKRDxpgpMUjthA3nO1YJuiP4I7fB5mqSoYY8bsyhc=\n-----END CERTIFICATE-----\n"  --cert_content "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIIcePfAqBgEAAwDQYJKoZIhvcNAQELBQAwVzEYMBYGA1UE\nCgwPUHJvdGVncml0eSBJbmMuMQswCQYDVQQGEwJVUzEuMCwGA1UEAwwlUHJvdGVn\ncml0eSBSb290IENBIC0gWkldeedKRE5tekdPdGEyQzAgGA8yMDI1MTIyMTAwMDAw\nMFoXDTM1MTIyMDA3NDE1MlowQzEYMBYGA1UECgwPUHJvdGVncml0eSBJbmMuMQsw\nCQYDVQQGEwJVUzEaMBgGA1UEAwwRUHJvdGVncml0eSBDbGllbnQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn7/6ZMkJkt1/9iOj+0S8aE64w69iSpEUH\ns/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6aC9oUaynJ4tLpE1/xb5V9\n2Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM/dASpH4LgAu3Y7vfJ9eH\nZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7IVlAdAwTg+/4+xhYohSgi\ndi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Juscv6qfh0BCTuyhJpS3dI\nQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aqwn9LjrM0G4GYU0llvVi0\nvi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l11fP0rjAQO+qWwNJI1ax8\n7g1dh49NwBJbnZJvlv1Hb5KlrOvwHfr8UkFBZ1GVBZum0wbwFirZXxuU43AZp2S\nnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3wXp2Rt380D4Ynw5A7pF6Y\nUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXedAHfuUh9na2ws3BltpAV\nvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+FsW3qWQkgDNhUYlOAplf\np8o/+1Fm7wIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB+s91FIrthptvdBygBsen4\nLaQpfAGIEyeiG1VdTeXtlev2HjPk0p3FnbjZVQhyT00SCWPHa7Vd6ypIqlIFYvnq\nUvUc0fkUqnpAeRWK9p1bif32Qs3rS6Q8mDDVbe2BP/gxOdrPkKPZLZ/rA4cYQAh0\nx/RsdxXtiBkOQpNjZO+UUbyPqohRKek/yLEiltsdBcXeFzcUbZMxks8CAmKVB3Pn\n69NmqZOcJtcj0ydBKL1MdUxPSHXks0z8afVa5IlbJaeaa+Ef0dMDzL/JdH7FslaZ\ntHvgJpq2RinHx1emIlmAk1ji0L/4MCqRrCdNU1rVIob7amyd6gkAkEIYUlsHFEp1\nBdVU8hh4F9UQ6dQvZ6etO4/Pus8t4DjdY8Xllsgot4NXL94r/asG+z3QjIIokUfu\nEDRorE82P809hWhRVbZ1A66/3XERD4BGmn3PML94YdC+vOxricqkrZ4oJDD3gbow\nfJWQIZ96hMndAG0H055qvgoWNqjifw9KXLHqelHWOiyJftJrchCOwZ3gRlA8WaOy\nHvCNN1VzCOfaNw9YJlJ4c3DLzwwRxo/KinycCvDaYGhBLTkWjZFqqkdwm4cqK9cf\n3joxQKh51a5ENZ2hoJUEvlcfjerQGPMRMUR4n3GwPf7Vca3fd+S1+qA7tcldEKx9\nHte3R2N5rYd/obrdkh5J0A==\n-----END CERTIFICATE-----\n" --key_content "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCn7/6ZMkJkt1/9\niOj+0S8aE64w69iSpEUHs/wlCJG5mx7QhMKwTeJSjXO+oVSDH7Kr+eoIpTh4Zt6a\nC9oUaynJ4tLpE1/xb5V92Brafthx6b49/kgeCEvDQtFbmwJPOZ9f2W71oK8s6zgM\n/dASpH4LgAu3Y7vfJ9eHZB63MuDFc429WyDuXQ4xnQ07RUKd40Q7JSKt4WNIdl7I\nVlAdAwTg+/4+xhYohSgidi82XJRD0MCs0EQg6K5G0Do8DcAmdBsE3LTjJr55G1Ju\nscv6qfh0BCTuyhJpS3dIQa5YiSuTIDiO45h8V4BS/+AB42tYSejvQKVmCbaCb9aq\nwn9LjrM0G4GYU0llvVi0vi8d76s9wb1V0Au0lkr/xFMCXebYWGr1I48kKlFKf0l1\n1fP0rjAQO+qWwNJI1ax87g1dh49NwBJbnZJvlv1Hb5Kls2rvwHVcp4UkFBZ1GVBZu\nm0wbwFirZXxuU43AZp2SnwVDl+i3fP4FEu8SMIijhU3NQeA8PbVcyx3xgsOiNO3w\nXp2Rt380D4Ynw5A7pF6YUD4TefMzUCgDFEykuUzZlnT9mBR34F4bYUQSLPPqWDXe\ndAHfuUh9na2ws3BltpAVvpNM9xWl2NQN6Xsp+gAuMwIHcj0FTiJ38UFyzvPCJ/e+\nFsW3qWQkgDNhUYlOAplfp8o/+1Fm7wIDAQABAoICAQCbaiSpzbNX1cRFs7A8MYZv\nkYsAxyJ0AwXHLS/Jbfa+V+naeyJZWpp6X2GgJ1k4x9roAK4vNgfelQSodxNpFgtk\nRD9/Z2jA3Mzx205uqjjQospmQK6o7HCA0ZNCPV+TxfXSFDz1n7C91yjWDQXEWuoy\n5lrxaqDw0cRKDcPHMpSE5n1jobQGI6QBEiCum1gdGbeJLMK9O/pPkwwARrB5SNP5\nCfuuSE81TJVp3wmuO1sSr1vAEjUaZ3rxGb7q2Kbcb1KZ206jcLWRClHtEyl8XlQJ\nudQcEHGddDN9cRtR4A+tZoIw6juxxqCBLz81QCuVV0D0OVVX6uE2MR3uhXSawwgEU\nVWIcWvgXkTgEbg/KgrZ3R9VN7XjawMLVv+3dLQp4idD7keoKWCOHXZtdEXalCmLV\nQQxNtwHkjF0yG+mu6nFEiy89onvTLJtzwriu16BYf8kVnUyd3F94LYQZDWRxCuuG\nNppl0VfikZGM+0P0PpKGy3Yn+qR6d4NhaYFxbrgezRg0KlshWpM/N6ZISBj9QjsZ\nPID4oVDNiTk0nEiHlz4SYqsGrTmPdEIwLTO0QL2SFrcNwqh+qT50s7QFqu+Mwl8E\nieRXdEc5mV0qTQvUWPjNh0l6oEwsKi0dxUL5j4utr3WQgk1Fq/1LNgVFL/rBbAIX\ncI3hmU3UQBiTUtzJ3iDytQKCAQEA3LpDbn7TAwr7DMwA1nBTrv5bwGKN7SGan6fN\nL9BI0uyW3H9EZtlhE2kxapF20//gMlvIYO1kW+vySvXTK6IrBzb9s8dzycqbhpyP\n1Z7HQHJeRjNuExTHlX8hU2kW/evmWeRswJwSo37zf6XWMBN4D/i78OEbNDpTLFDA\n2iYWGx2+Cex7nzsSI1omOhek4UyejKsk4Iv2621ezH2mTsHfyxajP/GsCUIHDB6r\nB2nL8YzY/u4nzOVXu5N+sSthQTn3L4KiFavlOd00cCL22J7Dk15CyXn11MHxdo1p\npXZD/sEJfgmiWvroFlHBDRQRzHhPO7j0SzrssOkysNq/aW1eGQKCAQEAwsYkdUWt\nx0fRSaKyC4IJhsKiFcceZdbmHXPd1iaK+oAGhTzz3xDBDlQYbwy6ej8uk8/3PqBW\nfZPOWD9DszTE7k/Rsd4jwVFMD2daE09JVGyPZ7bq4X3qQ7oL120b6Oi1ZuYIXMPs\nlJzgQbOyPzUZess1OUSNwfB8pZhMkjvgmkkSUlZgyQx5+PRW9cZsf4POO9vCAFRL\nOyNlPMAqT1vvGbtatnHc6iY0v1Gl5J0NJfrzpd6b/Cr619NflpSUw6nEd0PLaGl7\naTqCPdMb5Fh7iISmysfSgVavZo5nIvRNY8vVQX8MBaQdmTKXXfYFbiYgZ+uL4hWg\nlTYXdQGQlIx+RwKCAQAjCKVfSl3vo7SJKXAQmS+PHOwvMvVX5/eE07trlWGZqNeh\nE8olkOcpj466XXBA4eIR3COHzuYY+PAyGaZ0zH6L3JyUBlpIcxIQYZUq0NLLVdvE\nxLD58lhjUBRYCtwNXX3oUqs4Pw1uSd4YKpg+dTifQFmEOBZ7Sa6d4AtcFKN5llTt\nek18zoFofwyGN+6BnAmmRhvKUCzW3TsoteDJq1f8AhHTOmaV6Zb4w31d5drq8fIX\nNHG4wcYVDaoUMNB06+Bh+BgF3Iy7jHKgQcxwQXLFVza+h88O/+F1caiNDKJqMvVw\nvdK5Ig3oTP2ZN9BDZe0di5OqxSWARuM20uGCuEsxAoIBABMLXLU6wushUo1ooxAM\n/vF2RnLqrUY35PgsRByUWDJ2Ii0U8KN29+l2v4zcKb+aPeumAf7Vnp9YvGxUg0Ia\nfsbudwp1NfnJAS7gZCZPMlRW6Q6zC/RQY3+LyWye9oOnfVU6WMb5QUCmtia2c09K\n2drv05xt345+/TET2yjRQfzT+D6kw4Hk/mghO/98D0/Ii3m+2xE9LL3zkAqIn5py\n2sYhU5VTPM6IPdAXI6le0dJM31Xwlj/p0+0Wddo7XPBkwRkIP/NNnQuE9QcmhSum\nmy2WCtj5ANQ0raHRerQoPwjq/UcSLRLAIUTBdZtyWsWSZMjEd0D77F+qklCWfpSH\nyDECggEAEaCankeqpmPcSBDdvHZ9TP42aYqvvgrb36bK8A4HdGujx2dWafPcLojm\nizEtUPv2nVU2sGjGmPct5gSCS0oSwjVoIj7UKjT1dLN2QA115mFuZXNsz7UEifdU\n6XuIHztTcDTmhsDGx/XtsnZFyfEl9z3zZIkO4aJ9lbBiyw5LamGD1ykQ2DavxCFE\neFalDX9PGS/VERX9foHLLXDyEXYuoo8pf3ltupYmqbxMSX5Hf1NvtqYBSTvYiaCv\nmQJ3EuuxjzxXcCuI0YWPcAxlAViz9NAzgk+gxbOB6kEHvq/GWWRebQdvGdSHE9zV\ng5HfdOn7snl93cZxCP+JcOFG55h0Dg==\n-----END PRIVATE KEY-----\n" --troubleshooting_log True

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.

Removing the log forwarding settings

The command stops external SIEM log forwarding, removes the associated configuration, and deletes the certificate-related secrets.

insight delete fluentd

The pods take some time to initialize and stabilize after running this command. Verify the status of the pods using the kubectl get pods -n pty-insightcommand. Avoid updating any more configurations till the pods are ready.


Last modified : April 13, 2026