From 8e84b9ca5ce185003c341252a997464de7b29bf7 Mon Sep 17 00:00:00 2001
From: Mark Nellemann <mark.nellemann@gmail.com>
Date: Wed, 24 Mar 2021 08:05:14 +0100
Subject: [PATCH] More logging examples.

---
 doc/aix-errlogger.md |  5 ++++-
 doc/power-hmc.md     | 24 ++++++++++++++++++++++++
 doc/rsyslog-auth.md  | 16 ++++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 doc/power-hmc.md
 create mode 100644 doc/rsyslog-auth.md

diff --git a/doc/aix-errlogger.md b/doc/aix-errlogger.md
index 77acd4b..bb6ab6c 100644
--- a/doc/aix-errlogger.md
+++ b/doc/aix-errlogger.md
@@ -2,7 +2,7 @@
 
 Instructions for how to forward errlogger messages from IBM AIX and IBM Power Systems VIO Servers to a remote logging solution.
 
-More information on the AIX errlogger is available on the IBM [knowledge center](https://www.ibm.com/support/knowledgecenter/ssw_aix_72/generalprogramming/error_notice.html).
+More information about the AIX errlogger is available on the IBM [knowledge center](https://www.ibm.com/support/knowledgecenter/ssw_aix_72/generalprogramming/error_notice.html).
 
 ## On each AIX / VIO Server
 
@@ -24,6 +24,9 @@ Add the following to the /etc/syslog.conf file:
 
 # Also log to a local file, rotated daily and kept for 7 days
 *.warn /var/log/error.log rotate time 1d files 7
+
+# Optionally log authentication messages to remote host
+#auth.info,authpriv.info @10.32.64.29
 ```
 We use *10.32.64.1* as our remote syslog server in the above example.
 
diff --git a/doc/power-hmc.md b/doc/power-hmc.md
new file mode 100644
index 0000000..83b1396
--- /dev/null
+++ b/doc/power-hmc.md
@@ -0,0 +1,24 @@
+# Power Systems HMC Remote Logging
+
+Instructions for how to forward syslog messages from a IBM Power Systems HMC to a remote logging solution.
+
+More information about HMC logging is available on the IBM [knowledge center](https://www.ibm.com/support/pages/hmc-logging-and-auditing).
+
+
+### Instructions
+
+Network / Firewall must allow UDP (and possible TCP) traffic on port 514 from HMC to the remote syslog server. We use *10.32.64.1* as our remote syslog server in the example below.
+
+To add a remote logging destination:
+
+```shell
+chhmc -c syslog -t udp -s add -h 10.32.64.1 --input "filter_msg_contains_discard_strings=run-parts,slice,session,leases,renewal,0anacron,Session,DHCPREQUEST,DHCPACK,CMD"
+```
+
+In the above example we filter away some messages that we are not interested in forwarding on remotely.
+
+To remove it again:
+
+```shell
+chhmc -c syslog -t udp -s remove -h 10.32.64.1
+```
diff --git a/doc/rsyslog-auth.md b/doc/rsyslog-auth.md
new file mode 100644
index 0000000..fc8399a
--- /dev/null
+++ b/doc/rsyslog-auth.md
@@ -0,0 +1,16 @@
+# rsyslog
+
+Configure rsyslog to forward authentication messages to a remote logging solution. We use *10.32.64.1* as our remote syslog server in this example.
+
+Create a file new file in the **/etc/rsyslog.d** folder (eg. *90-auth.conf*) with the following content:
+
+```text
+# Log authentication messages to remote host
+auth.info,authpriv.info @10.32.64.1
+```
+
+Restart the rsyslog service
+
+```shell
+systemctl restart rsyslogd
+```