Syslogs
Audit records are logged to a local database by default. This is suitable for production systems and clusters with a limited load. However, for clusters that support a large number of transactions, it is recommended to configure the CipherTrust Manager to disable logging to a local database and enable logging using remote Syslog server(s). This significantly reduces the cluster traffic and disk usage. This section describes how to configure the connection to a remote Syslog server on the CipherTrust Manager.
The following table lists the parameters that are required when configuring the connection to a Syslog server on the CipherTrust Manager:
Parameter | Description |
---|---|
Hostname or IP address | Hostname or IP address of the Syslog server. |
Port | Port of the Syslog server. The default port is 514. |
Log Format | Format in which the audit records are transferred to the Syslog server. The options are:
The default log format is RFC5424. This format adheres to the Syslog Protocol RFC 5424 guidelines. |
Transport | Transport protocol for the Syslog connection. The options are UDP, TCP, and TLS. The default protocol is UDP. |
Certificate | Trusted CA certificate in the PEM format. This field is available when the transport protocol is TLS. |
Configuring Connection to a Syslog Server
To configure the connection to a Syslog server:
Log on to the CipherTrust Manager console as administrator.
Click Admin Settings to open the application.
Click Syslog. The Syslog Settings section is displayed on the right. This section displays the configured connections to Syslog servers.
Click Add Syslog Server. The Add Syslog Server dialog box is displayed.
Specify the following details:
Hostname or IP Address: Specify the hostname or IP address of the Syslog server.
Port: Specify the port of the Syslog server.
Log Format: Select a log format from the drop-down list. The default log format is RFC5424.
Transport: Select a transport protocol from the drop-down list. The default protocol is UDP.
Certificate: This field appears when TLS is selected as the transport protocol. Paste the content of the trusted CA certificate.
Click Save. The connection to the Syslog server is configured. The connection appears under the Syslog Settings section.
Modifying Connection to a Syslog Server
To modify the connection to a Syslog server:
Log on to the CipherTrust Manager console as administrator.
Click Admin Settings to open the application.
Click Notifications > Syslog. The Syslog Settings section is displayed on the right. This section displays the configured connections to Syslog servers.
Click the ellipsis icon corresponding to the desired connection and click Edit.
Note
To delete a connection, click Delete.
Modify the fields as required.
Save the changes.
Managing Syslog Messages Redirection to Parent Domain using ksctl
Syslog messages redirection allows you to send the syslog messages of the current domain to the syslog server configured in its parent domain.
If the current domain is receiving the syslog messages from its child domain, those syslog messages will also be sent to the syslog server configured in the parent domain of the current domain. For more details, refer to Managing Syslog Messages Redirection using ksctl.