Skip to main content
SANtricity 11.9

Configure syslog server for audit logs

Contributors netapp-jolieg netapp-driley netapp-ivanad

If you want to archive audit logs onto an external syslog server, you can configure communications between that server and the storage array. After the connection is established, audit logs are automatically saved to the syslog server.

Before you begin
  • You must be logged in with a user profile that includes Security admin permissions. Otherwise, the Access Management functions do not appear.

  • The syslog server address, protocol, and port number must be available. The server address can be a fully qualified domain name, an IPv4 address, or an IPv6 address.

  • If your server uses a secure protocol (for example, TLS), a Certificate Authority (CA) certificate must be available on your local system. CA certificates identify website owners for secure connections between servers and clients.

Steps
  1. Select Settings  Access Management.

  2. From the Audit Log tab, select Configure Syslog Servers.

    The Configure Syslog Servers dialog box opens.

  3. Click Add.

    The Add Syslog Server dialog box opens.

  4. Enter information for the server, and then click Add.

    • Server address — Enter a fully qualified domain name, an IPv4 address, or an IPv6 address.

    • Protocol — Select a protocol from the drop-down list (for example, TLS, UDP, or TCP).

    • Upload certificate (optional) — If you selected the TLS protocol and have not yet uploaded a signed CA certificate, click Browse to upload a certificate file. Audit logs are not archived to a syslog server without a trusted certificate.

      Note

      If the certificate becomes invalid later, the TLS handshake will fail. As a result, an error message is posted to the audit log and messages are no longer sent to the syslog server. To resolve this issue, you must fix the certificate on the syslog server and then go to Settings  Audit Log  Configure Syslog Servers  Test All.

    • Port — Enter the port number for the syslog receiver. After you click Add, the Configure Syslog Servers dialog box opens and displays your configured syslog server on the page.

  5. To test the server connection with the storage array, select Test All.

Results

After configuration, all new audit logs are sent to the syslog server. Previous logs are not transferred. To further configure syslog settings for alerts, see Configure syslog server for alerts.

NOTE: If multiple syslog servers are configured, all configured syslog servers will receive an audit log.