Deploying Log Forwarder

Describes how to deploy the Log Forwarder.

The Log Forwarder is deployed as a DaemonSet. The following steps describe how to deploy Log Forwarder.

  1. On the Linux instance, run the following command to create the namespace required for Helm deployment.

    kubectl create namespace <Namespace name>
    

    For example:

    kubectl create namespace iap-rest
    
  2. On the Linux instance, navigate to the location where you have extracted the Helm charts to deploy the Log Forwarder.

    For more information about the extracted Helm charts, refer to the section Extracting the Installation Package.

    The logforwarder > values.yaml file contains the default configuration values for deploying the Log Forwarder container on the Kubernetes cluster. The following content shows an extract of the values.yaml file.

     ...
    
      # - Protegrity PSU(Protegrity Storage Unit)/ESA configuration.
      # Logforwarder will send audit records to below specified hosts/ip.
      # User can specify multiple PSU/ESA distribute the audit records and avoid downtime.
      opensearch:
       # -- specify a given name to uniquely identify PSU/ESA in the deployment.
       - name:
          # -- hostname/ip address of PSU/ESA
          host:
          # -- port address of ESA/PSU
          port: 9200
       # - name: node-2
       #   host: test-insight
       #   port: 9200
    
      # -- Kubernetes service configuration, represents a TCP endpoint to receive audit records
      # from the protectors.
      service:
        # -- Configure service type: ClusterIP for Logforwarder endpoint.
        type: ClusterIP
        # -- port to accept incoming audit records from the protector
        port: 15780
    
     ...
    
  3. Modify the default values in the values.yaml file as required.

    | Field | Description |
    |---|---|
    | opensearch/name | Specify the unique name for the ESA. |
    | opensearch/host | Specify the host name or IP address of the ESA. |
    | opensearch/port | Specify the port number of the ESA. The default value is 9200. |
    | service/type | Specify the service type for the Log Forwarder. The default value is ClusterIP. |
    | service/port | Specify the service port of the Log Forwarder, which receives the audit logs from the protectors. The default value is 15780. |

  4. Run the following command to deploy the Log Forwarder on the Kubernetes cluster.

    helm install <Release_Name> --namespace <Namespace where you want to deploy the RPP container> <Location of the directory that contains the Helm charts>

    For example:

    helm install log1 --namespace iap-rest logforwarder/

  5. Run the following command to check the status of the pods.

    kubectl get pods -n <Namespace>

    For example:

    kubectl get pods -n iap-rest
    NAME                                         READY   STATUS    RESTARTS        AGE
    log1-logforwarder-f6gvj                      1/1     Running   0               11h
    log1-logforwarder-ls4hn                      1/1     Running   0               11h
    log1-logforwarder-phk4t                      1/1     Running   0               11h
    log1-logforwarder-z2mz7                      1/1     Running   0               11h

As the Log Forwarder is deployed as a DaemonSet, one instance of Log Forwarder is deployed on each node. In this example, one Log Forwarder pod is deployed per node.
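
A check for the rollout described above, as an added example that is not part of the original documentation: it reads `kubectl get pods` output and succeeds only when there is one fully ready Log Forwarder pod per node, so a node that silently stops forwarding audit records is caught. The helper name `check_forwarder_pods`, the sample listings and the assumption that every node is eligible to run the DaemonSet are constructed for illustration.

```sh
#!/bin/sh
# Added example (not vendor code). check_forwarder_pods is a hypothetical helper.
# Usage: kubectl get pods -n <ns> | check_forwarder_pods <name-prefix> <node-count>
# Succeeds only if exactly <node-count> pods match the prefix and each one is
# Running with all of its containers ready (READY n/n).
check_forwarder_pods() {
  awk -v prefix="$1" -v want="$2" '
    NF == 0 || $1 == "NAME" { next }        # skip blank lines and the header
    index($1, prefix) != 1  { next }        # ignore pods of other workloads
    {
      total++
      split($2, ready, "/")                 # READY column, for example 1/1
      if ($3 != "Running" || ready[1] != ready[2]) {
        printf "not ready: %s (%s, %s)\n", $1, $2, $3
        bad++
      }
    }
    END {
      if (total != want) {
        printf "expected %d pods (one per node), found %d\n", want, total
        exit 1
      }
      exit (bad > 0)
    }'
}

# Constructed sample input: the four pods from the listing on this page.
SAMPLE_OK='NAME                      READY   STATUS    RESTARTS   AGE
log1-logforwarder-f6gvj   1/1     Running   0          11h
log1-logforwarder-ls4hn   1/1     Running   0          11h
log1-logforwarder-phk4t   1/1     Running   0          11h
log1-logforwarder-z2mz7   1/1     Running   0          11h'

# Constructed failure case: one pod is crash-looping, so its node forwards nothing.
SAMPLE_BAD='NAME                      READY   STATUS             RESTARTS   AGE
log1-logforwarder-f6gvj   1/1     Running            0          11h
log1-logforwarder-ls4hn   0/1     CrashLoopBackOff   5          11h
log1-logforwarder-phk4t   1/1     Running            0          11h
log1-logforwarder-z2mz7   1/1     Running            0          11h'

# Against a live cluster (assumes every node may run the DaemonSet; tainted or
# excluded nodes would lower the expected count):
#   nodes=$(kubectl get nodes --no-headers | wc -l)
#   kubectl get pods -n iap-rest | check_forwarder_pods log1-logforwarder "$nodes"

printf '%s\n' "$SAMPLE_OK" | check_forwarder_pods log1-logforwarder 4 \
  && echo "one ready Log Forwarder pod per node"
```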

For information about configuring the Log Forwarder, refer to the section Configuration Parameters for Forwarding Audits and Logs.


Last modified : January 19, 2026