Configure syslog server for audit logs
If you want to archive audit logs onto an external syslog server, you can configure communications between that server and the storage array. After the connection is established, audit logs are automatically saved to the syslog server.
-
You must be logged in with a user profile that includes Security admin permissions. Otherwise, the Access Management functions do not appear.
-
The syslog server address, protocol, and port number must be available. The server address can be a fully qualified domain name, an IPv4 address, or an IPv6 address.
-
If your server uses a secure protocol (for example, TLS), a Certificate Authority (CA) certificate must be available on your local system. CA certificates identify website owners for secure connections between servers and clients.
-
Select
. -
From the Audit Log tab, select Configure Syslog Servers.
The Configure Syslog Servers dialog box opens.
-
Click Add.
The Add Syslog Server dialog box opens.
-
Enter information for the server, and then click Add.
-
Server address — Enter a fully qualified domain name, an IPv4 address, or an IPv6 address.
-
Protocol — Select a protocol from the drop-down list (for example, TLS, UDP, or TCP).
-
Upload certificate (optional) — If you selected the TLS protocol and have not yet uploaded a signed CA certificate, click Browse to upload a certificate file. Audit logs are not archived to a syslog server without a trusted certificate.
If the certificate becomes invalid later, the TLS handshake will fail. As a result, an error message is posted to the audit log and messages are no longer sent to the syslog server. To resolve this issue, you must fix the certificate on the syslog server and then go to
. -
Port — Enter the port number for the syslog receiver.
After you click Add, the Configure Syslog Servers dialog box opens and displays your configured syslog server on the page.
-
-
To test the server connection with the storage array, select Test All.
After configuration, all new audit logs are sent to the syslog server. Previous logs are not transferred.