Configure syslog-ng to accept syslog from NetHSM and promtail to consume syslog and forward to loki

The NetHSM can be configured to forward its own syslog to another host. As the device is supposed to be physically connected to the signing service host, the signing service host is the logical place for syslog aggregation.

For this we need a syslog-ng configuration, that consumes syslog from n NetHSM devices ~~and forwards them to the local journal (each in a separate namespace!)~~.

A promtail configuration is then setup to consume the syslog and send it to loki over a wireguard tunnel.

Edited Sep 21, 2024 by David Runge

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Configure syslog-ng to accept syslog from NetHSM and promtail to consume syslog and forward to loki