You can archive audit logs onto an external syslog server.
Before configuring a syslog server, keep the following guidelines in mind.
- Make sure you know the server address, protocol, and port number. The server address can be a fully qualified domain name, an IPv4 address, or an IPv6 address.
- If your server uses a secure protocol (for example, TLS), a Certificate Authority (CA) certificate must be available on your local system. CA certificates identify website owners for secure connections between
servers and clients.
- After configuration, all new audit logs are sent to the syslog server. Previous logs are not transferred.
- The Overwrite Policy settings (available from View/Edit Settings) do not affect how logs are managed with a syslog server configuration.
- Audit logs follow the RFC 5424 messaging format.