Configure syslog server for audit logs

If you want to archive audit logs onto an external syslog server, you can configure communications between that server and the storage array. After the connection is established, audit logs are automatically saved to the syslog server.

Before you begin

Procedure

  1. Select Settings > Access Management.
  2. From the Audit Log tab, select Configure Syslog Servers.
    The Configure Syslog Servers dialog box opens.
  3. Click Add.
    The Add Syslog Server dialog box opens.
  4. Enter information for the server, and then click Add.
    • Server address – Enter a fully qualified domain name, an IPv4 address, or an IPv6 address.
    • Protocol – Select a protocol from the drop-down list (for example, TLS, UDP, or TCP).
    • Upload certificate (optional) – If you selected the TLS protocol and have not yet uploaded a signed CA certificate, click Browse to upload a certificate file. Audit logs are not archived to a syslog server without a trusted certificate.
      Note: If the certificate becomes invalid later, the TLS handshake will fail. As a result, an error message is posted to the audit log and messages are no longer sent to the syslog server. To resolve this issue, you must fix the certificate on the syslog server and then go to Settings > Audit Log > Configure Syslog Servers > Test All.
    • Port – Enter the port number for the syslog receiver.
    After you click Add, the Configure Syslog Servers dialog box opens and displays your configured syslog server on the page.
  5. To test the server connection with the storage array, select Test All.

Result

After configuration, all new audit logs are sent to the syslog server. Previous logs are not transferred.