Enabling remote logging of audit logs
PDF of this doc site
- Install Unified Manager on VMware vSphere systems
- Install Unified Manager on Linux systems
- Install Unified Manager on Windows systems
Perform configuration and administrative tasks
- Configuring Active IQ Unified Manager
- Using the maintenance console
Monitor and manage storage
- Monitoring and managing clusters from the dashboard
- Provisioning and managing workloads
- Managing and monitoring MetroCluster configurations
Manage events and alerts
- Managing events
Monitor and manage cluster performance
- Navigating performance workflows in the Unified Manager GUI
- Monitoring cluster performance from the Performance Cluster Landing page
- Monitoring performance using the Performance Inventory pages
- Monitoring performance using the Performance Explorer pages
- Collecting data and monitoring workload performance
- Analyzing performance events
Monitor and manage cluster health
Common Unified Manager health workflows and tasks
- Monitoring and troubleshooting data availability
- Managing backup and restore operations
- Common Unified Manager health workflows and tasks
Protect and restore data
- Creating and troubleshooting protection relationships
Generate custom reports
- Sample custom reports
You can select the Enable Remote Logging checkbox on the Configure Audit Logs dialog box to enable remote audit logging. You can use this feature to transfer audit logs to a remote Syslog server. This will enable you to manage your audit logs when there are space constraints.
The remote logging of audit logs provides a tamper-proof backup in case the audit log files on the Active IQ Unified Manager server are tampered.
In the Configure Audit Logs dialog box, select the Enable Remote Logging checkbox.
Additional fields to configure remote logging are displayed.
Enter the HOSTNAME and PORT of the remote server you want to connect to.
In the SERVER CA CERTIFICATE field, click BROWSE to select a public certificate of the target server.
The certificate should be uploaded in
.pemformat. This certificate should be obtained from the target Syslog server and should not have expired. The certificate should contain the selected “hostname” as part of the
Enter the values for the following fields: CHARSET, CONNECTION TIMEOUT, RECONNECTION DELAY.
The values should be in milliseconds for these fields.
Select the required Syslog format and TLS protocol version in the FORMAT and PROTOCOL fields.
Select the Enable Client Authentication checkbox if the target Syslog server requires certificate based authentication.
You will need to download client authentication certificate and upload it to the Syslog server before saving the Audit Log configuration, otherwise the connection will fail. Depending on the type of Syslog server, you might need to create a hash of the client authentication certificate.
Example: syslog-ng requires a <hash> of the certificate to be created using the command
openssl x509 -noout -hash -in cert.pem, and then you should symbolically link the client authentication certificate to a file named after the <hash> .0.
Click Save to configure the connection with your server and enable remote logging.
You will be redirected to the Audit Logs page.