docs: reference log forwarding runbook in sensor proxy guides
This commit is contained in:
parent
4693900f8b
commit
dca562b7b4
3 changed files with 8 additions and 1 deletions
|
|
@ -966,6 +966,9 @@ ls -l /run/pulse-sensor-proxy/pulse-sensor-proxy.sock
|
|||
journalctl -u pulse-sensor-proxy -f
|
||||
```
|
||||
|
||||
Forward these logs off-host for retention by following
|
||||
[operations/sensor-proxy-log-forwarding.md](operations/sensor-proxy-log-forwarding.md).
|
||||
|
||||
In the Pulse container, check the logs at startup:
|
||||
```bash
|
||||
# Should see: "Temperature proxy detected - using secure host-side bridge"
|
||||
|
|
|
|||
|
|
@ -243,6 +243,10 @@ journalctl -u pulse-sensor-proxy -f
|
|||
journalctl -u pulse-backend -f
|
||||
```
|
||||
|
||||
Want off-host retention? Forward `audit.log` and `proxy.log` using
|
||||
[`scripts/setup-log-forwarding.sh`](operations/sensor-proxy-log-forwarding.md)
|
||||
so events land in your SIEM with RELP + TLS.
|
||||
|
||||
**Audit rotation**: Use the steps in [operations/audit-log-rotation.md](operations/audit-log-rotation.md) to rotate `/var/log/pulse/sensor-proxy/audit.log`. After each rotation, restart the proxy and confirm temperature pollers are healthy in `/api/monitoring/scheduler/health` (closed breakers, no DLQ entries).
|
||||
|
||||
### Security Events to Monitor
|
||||
|
|
|
|||
|
|
@ -49,4 +49,4 @@ podman run --seccomp-profile /opt/pulse/security/seccomp/pulse-sensor-proxy.json
|
|||
|
||||
## Operational Notes
|
||||
- Use `journalctl -t auditbeat -g pulse-sensor-proxy` or `aa-status` to confirm profile status.
|
||||
- Pair with network ACLs (see `docs/security/pulse-sensor-proxy-network.md`) and log shipping (`scripts/setup-log-forwarding.sh`).
|
||||
- Pair with network ACLs (see `docs/security/pulse-sensor-proxy-network.md`) and log shipping via [`scripts/setup-log-forwarding.sh` + the RELP runbook](../operations/sensor-proxy-log-forwarding.md).
|
||||
|
|
|
|||
Loading…
Reference in a new issue