With Ganeti in PoPs we can move forward with provisioning VMs to act as local syslog collectors for devices that don't support encrypted syslog. Said VMs will listen for udp/tcp syslog and forward logs securely to centrallog hosts, and to the logging pipeline as needed/required (cc @ayounsi). These VMs (and centrallog hosts in eqiad/codfw) can double as netconsole receivers too (cfr T242579).
Outline of steps
- Write new role/profile to collect and forward syslog
- Provision VMs (2-4GB ram / 20GB disk should be plenty)
- Setup the VMs to attract anycast syslog traffic