docs: reference log forwarding runbook in sensor proxy guides

This commit is contained in:
rcourtman 2025-11-14 10:37:09 +00:00
parent 4693900f8b
commit dca562b7b4
3 changed files with 8 additions and 1 deletions

View file

@ -966,6 +966,9 @@ ls -l /run/pulse-sensor-proxy/pulse-sensor-proxy.sock
journalctl -u pulse-sensor-proxy -f
```
Forward these logs off-host for retention by following
[operations/sensor-proxy-log-forwarding.md](operations/sensor-proxy-log-forwarding.md).
In the Pulse container, check the logs at startup:
```bash
# Should see: "Temperature proxy detected - using secure host-side bridge"

View file

@ -243,6 +243,10 @@ journalctl -u pulse-sensor-proxy -f
journalctl -u pulse-backend -f
```
Want off-host retention? Forward `audit.log` and `proxy.log` using
[`scripts/setup-log-forwarding.sh`](operations/sensor-proxy-log-forwarding.md)
so events land in your SIEM with RELP + TLS.
**Audit rotation**: Use the steps in [operations/audit-log-rotation.md](operations/audit-log-rotation.md) to rotate `/var/log/pulse/sensor-proxy/audit.log`. After each rotation, restart the proxy and confirm temperature pollers are healthy in `/api/monitoring/scheduler/health` (closed breakers, no DLQ entries).
### Security Events to Monitor

View file

@ -49,4 +49,4 @@ podman run --seccomp-profile /opt/pulse/security/seccomp/pulse-sensor-proxy.json
## Operational Notes
- Use `journalctl -t auditbeat -g pulse-sensor-proxy` or `aa-status` to confirm profile status.
- Pair with network ACLs (see `docs/security/pulse-sensor-proxy-network.md`) and log shipping (`scripts/setup-log-forwarding.sh`).
- Pair with network ACLs (see `docs/security/pulse-sensor-proxy-network.md`) and log shipping via [`scripts/setup-log-forwarding.sh` + the RELP runbook](../operations/sensor-proxy-log-forwarding.md).