Forwarding the audit log to a destination

You can forward the audit log to a maximum of 10 destinations that you specify by using the cluster log-forwarding create command. For example, you can forward the log to a Splunk or syslog server for monitoring, analysis, or backup purposes.

About this task

If the cluster log-forwarding create command cannot ping the destination host to verify connectivity, the command fails with an error. Although not recommended, using the -force parameter with the command bypasses the connectivity verification.

You can configure transmission security options when forwarding log files.

Steps

  1. For each destination that you want to forward the audit log to, specify the destination IP address or host name and any security options.
    Example
    cluster1::> cluster log-forwarding create -destination 192.168.123.96 
    -port 514 -facility user
    
    cluster1::> cluster log-forwarding create -destination 192.168.123.98 
    -port 514 -protocol tcp-encrypted -facility user
  2. Verify that the destination records are correct by using the cluster log-forwarding show command.
    Example
    cluster1::> cluster log-forwarding show
    
                                                     Verify Syslog
    Destination Host          Port   Protocol        Server Facility
    ------------------------- ------ --------        ------ --------
    192.168.123.96            514    udp-unencrypted false  user
    192.168.123.98            514    tcp-encrypted   true   user
    2 entries were displayed.
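
The following Python script is an added example, not part of the original documentation and not a NetApp tool. It parses cluster log-forwarding show output in the column layout shown in step 2 and reports destinations that do not use tcp-encrypted or that do not verify the syslog server; the function names are illustrative and the sample text is constructed from the output above.

```python
import re

# Constructed sample: the table from the step 2 output on this page.
SAMPLE = """\
                                                 Verify Syslog
Destination Host          Port   Protocol        Server Facility
------------------------- ------ --------        ------ --------
192.168.123.96            514    udp-unencrypted false  user
192.168.123.98            514    tcp-encrypted   true   user
2 entries were displayed.
"""

MAX_DESTINATIONS = 10  # limit stated on this page

def parse_destinations(text):
    """Return one dict per row between the dashed rule and the entry-count footer."""
    rows, in_table, footer = [], False, None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"(\d+) entr", s)  # footer, e.g. "2 entries were displayed."
        if m:
            footer = int(m.group(1))
            break
        if s and set(s) <= {"-", " "}:  # dashed rule: data rows follow
            in_table = True
        elif in_table and s:
            fields = s.split()
            if len(fields) != 5:
                raise ValueError(f"unexpected row: {line!r}")
            host, port, proto, verify, facility = fields
            rows.append({"host": host, "port": int(port), "protocol": proto,
                         "verify_server": verify == "true", "facility": facility})
    if footer is not None and footer != len(rows):
        raise ValueError(f"footer reports {footer} entries, parsed {len(rows)}")
    return rows

def audit(rows):
    """Return (host, finding) pairs for destinations with weak transport settings."""
    findings = []
    if len(rows) > MAX_DESTINATIONS:
        findings.append(("*", f"{len(rows)} destinations exceeds the maximum of 10"))
    for r in rows:
        if r["protocol"] != "tcp-encrypted":
            findings.append((r["host"], f"protocol {r['protocol']} is not tcp-encrypted"))
        elif not r["verify_server"]:
            findings.append((r["host"], "tcp-encrypted but server identity not verified"))
    return findings

if __name__ == "__main__":
    print(audit(parse_destinations(SAMPLE)))
```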