Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Connection Manager

Syslog

search

Please Note:

You are not viewing the most recent version of this page. 2.19 is the latest version available.

printsuggest an editpdf paneldownload

Syslog

Syslog connections to the CipherTrust Manager can be configured using the following:

Note

CipherTrust Manager can have a total of 64 log forwarder connections. Each Elasticsearch, Loki, and Syslog connection is counted towards the 64 connection total.

copy link to clipboardManaging Syslog Connections using GUI

  • Host: IP address or hostname of the Syslog server.

  • Port: port number for connecting to the Syslog server.

  • Transport Format: select the transport mode for sending data. The TLS mode requires a trusted CA certificate in the PEM format.

    Note

    If you set the transport format to UDP, log messages are limited to a size of 1024 bytes. After this size, the log message is truncated.

  • CA Cert: either upload the CA certificate or paste the certificate content. Make sure the server certificate contains the valid IP SANs.

    • Upload CSR: select and click Upload CSR to upload the trusted CA certificate from your machine.

    • Text: select and paste the certificate content in the text field.

  • Message Format: select the log message format.

Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the Add Products screen of the Add Connection wizard.

copy link to clipboardManaging Syslog Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete a Syslog connection

  • List all Syslog connections

  • Test an existing Syslog connection

  • Test the new Syslog connection parameters before establishing the connection

Note

The host, port, and transport are the mandatory parameters for Syslog connections. The supported transport modes for sending data are tls, tcp, and udp. The tls mode requires a trusted CA certificate in the PEM format.

Note

In a multi-node clustered environment, the Syslog connections configuration is synchronized. Each node is aware of all the Syslog servers and Syslog messages are sent from the currently active node. This implies, that if an event that results in an audit record is performed on node 1, the Syslog message will originate from node 1. Similarly, if an audit event is conducted on node 2, the Syslog message will originate from node 2.

copy link to clipboardLog Message Formats

The supported message formats for Syslog are:

  • rfc5424 (default)

  • rfc3164

  • cef

  • leef

Examples

rfc5424 (plaintext)

2022-06-29T04:54:42.868478Z - CipherTrust_Manager_k170v citrus Server_Audit - ...{"principal":{"acct":"kylo:kylo:admin:accounts:kylo","sub":"local|d7c6473a-286d-4e10-9455-3f078743d4a5","acc":"kylo","iss":"kylo"},"requestId":"c6ce87a7-1775-4d4e-92ad-67e031b620f9","success":true,"username":"admin","details":{"category":"cloud","identifier":"Syslog Connection","name":"Syslog Connection","port":555,"service":"syslog"},"account":"kylo:kylo:admin:accounts:kylo","id":"d0a8f585-35b3-4414-99c1-c21db5d244d1","domain_id":"00000000-0000-0000-0000-000000000000","message":"Update connection","severity":"info","service":"citrus"}

rfc3164

Jun 29 04:58:56 CipherTrust_Manager_k170v[citrus]: {"requestId":"bceb9c29-fda7-4cd5-ae9c-6521b4913a09","success":true,"username":"admin","details":{"identifier":"Syslog Connection","name":"Syslog Connection","port":555,"service":"syslog","category":"cloud"},"severity":"info","id":"27dc8135-24be-4ee7-8b26-157f53bd6264","account":"kylo:kylo:admin:accounts:kylo","domain_id":"00000000-0000-0000-0000-000000000000","service":"citrus","message":"Update connection","principal":{"acc":"kylo","iss":"kylo","acct":"kylo:kylo:admin:accounts:kylo","sub":"local|d7c6473a-286d-4e10-9455-3f078743d4a5"}}

cef

Jun 29 05:01:43 CEF:0|Thales Group|CipherTrust_Manager_k170v|2.9.0-beta7+7422|Server_Audit|Update connection|1|log={"requestId":"b280abc6-4e88-46e4-9550-09409978a2e1","success":true,"username":"admin","details":{"identifier":"Syslog Connection","name":"Syslog Connection","port":4444,"service":"syslog","category":"cloud"},"account":"kylo:kylo:admin:accounts:kylo","id":"b575dba4-0fc4-4ce9-8d04-215b29f9efea","domain_id":"00000000-0000-0000-0000-000000000000","severity":"info","service":"citrus","message":"Update connection","principal":{"acc":"kylo","sub":"local|d7c6473a-286d-4e10-9455-3f078743d4a5","acct":"kylo:kylo:admin:accounts:kylo","iss":"kylo"}}

leef

Jun 29 05:03:47 LEEF:2.0|Thales Group|CipherTrust_Manager_k170v|2.9.0-beta7+7422|Server_Audit|^|log={"account":"kylo:kylo:admin:accounts:kylo","id":"2ebf0f96-396c-4626-9f48-f425d21f358d","service":"citrus","principal":{"sub":"local|d7c6473a-286d-4e10-9455-3f078743d4a5","acc":"kylo","iss":"kylo","acct":"kylo:kylo:admin:accounts:kylo"},"domain_id":"00000000-0000-0000-0000-000000000000","requestId":"2a7c2428-ee7c-4864-a93f-820b303c958c","severity":"info","success":true,"message":"Update connection","username":"admin","details":{"category":"cloud","identifier":"Syslog Connection","name":"Syslog

copy link to clipboardCreating a Syslog Connection

To create a Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog create --name <connection-name> --products <products-name> --description <description> --host <host> --port <port> --transport <transport-protocol> --ca-cert <ca-cert> --message-format <message-format> --meta <Key:Value>

The supported transport mode for sending data are tls, tcp, and udp. The tls mode requires a trusted CA certificate in the PEM format. In udp mode, log messages are limited to a size of 1024 bytes. After this size, the log message is truncated.

Example Request

ksctl connectionmgmt log-forwarder syslog create --name syslog-conn-1 --description conn-description --host 127.0.0.1 --port 1234 --transport tcp --message-format efc5425

Example Response

{
    "id": "2ecc1922-57e2-416d-9023-95720419fa25",
    "uri": "kylo:kylo:connectionmgmt:connections:syslog-conn-1-2ecc1922-57e2-416d-9023-95720419fa25",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-05-05T04:53:58.893569708Z",
    "updatedAt": "2022-05-05T04:53:58.890021892Z",
    "service": "syslog",
    "category": "log-forwarders",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "syslog-conn-1",
    "description": "conn-description",
    "host": "127.0.0.1",
    "port": 1234,
    "syslog_params": {
        "transport": "tcp",
        "message_format": "rfc5424"
    }
}

copy link to clipboardGetting Details of a Syslog Connection

To get details of a Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog get --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt log-forwarder syslog get –id 2ecc1922-57e2-416d-9023-95720419fa25

Example Response

{
    "id": "2ecc1922-57e2-416d-9023-95720419fa25",
    "uri": "kylo:kylo:connectionmgmt:connections:syslog-conn-1-2ecc1922-57e2-416d-9023-95720419fa25",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-05-05T04:53:58.893569708Z",
    "updatedAt": "2022-05-05T04:53:58.890021892Z",
    "service": "syslog",
    "category": "log-forwarders",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "syslog-conn-1",
    "description": "conn-description",
    "host": "127.0.0.1",
    "port": 1234,
    "syslog_params": {
        "transport": "tcp",
        "message_format": "rfc5424"
    }
}

copy link to clipboardUpdating a Syslog Connection

To update a Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog modify –id <Connection-Name/ID> --products <products-name> --description <description> --host <host> --port <port> --transport <transport-protocol --ca-cert <ca-cert> --message-format <message-format> --meta <Key:Value>

The supported transport mode for sending data are tls, tcp, and udp. The tls mode requires a trusted CA certificate in the PEM format.

Example Request

ksctl connectionmgmt log-forwarder syslog modify --id 9d3af367-d4a3-4838-8663-ce07d3e88353 --host 127.0.0.1

Example Response

{
    "id": "2ecc1922-57e2-416d-9023-95720419fa25",
    "uri": "kylo:kylo:connectionmgmt:connections:syslog-conn-1-2ecc1922-57e2-416d-9023-95720419fa25",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-05-05T04:53:58.893569708Z",
    "updatedAt": "2022-05-05T04:53:58.890021892Z",
    "service": "syslog",
    "category": "log-forwarders",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "syslog-conn-1",
    "description": "conn-description",
    "host": "127.0.0.1",
    "port": 1234,
    "syslog_params": {
        "transport": "tcp",
        "message_format": "rfc5424"
    }
}

copy link to clipboardDeleting a Syslog Connection

To delete a Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog delete --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt log-forwarder syslog delete --id 9d3af367-d4a3-4838-8663-ce07d3e88353

Example Response

There will be no response if the Syslog connection is deleted successfully.

copy link to clipboardGetting List of Syslog Connections

To list all the Syslog connections, run:

Syntax

ksctl connectionmgmt log-forwarder syslog list

Example Request

ksctl connectionmgmt log-forwarder syslog list

Example Response

{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {   "id": "2ecc1922-57e2-416d-9023-95720419fa25",
            "uri": "kylo:kylo:connectionmgmt:connections:syslog-conn-1-2ecc1922-57e2-416d-9023-95720419fa25",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2022-05-05T04:53:58.893569708Z",
            "updatedAt": "2022-05-05T04:53:58.890021892Z",
            "service": "syslog",
            "category": "log-forwarders",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "syslog-conn-1",
            "description": "conn-description",
            "host": "127.0.0.1",
            "port": 1234,
            "syslog_params": {
                "transport": "tcp",
                "message_format": "rfc5424"
            }
        }
    ]
}

copy link to clipboardTesting an Existing Syslog Connection

To test an existing Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog test --id <Connection-Name/ID>

Example Request

ksctl connectionmgmt log-forwarder syslog test --id 9d3af367-d4a3-4838-8663-ce07d3e88353

Example Response

{
    "connection_ok": true
}

copy link to clipboardTesting a New Syslog Connection

To test the parameters of a New Syslog connection, run:

Syntax

ksctl connectionmgmt log-forwarder syslog test --host <host> --port <port> --transport <transport-protocol> --ca-cert <ca-cert>

Example Request

ksctl connectionmgmt log-forwarder syslog test --host 127.0.0.1 --port 1234 --transport tcp

Example Response

{
    "connection_ok": true
}

On this page