Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CipherTrust Manager System Monitoring

Syslogs

search

Please Note:

printsuggest an editpdf paneldownload

Syslogs

copy link to clipboardTimezone Configuration

CipherTrust Manager server audit records and client audit records are always recorded in UTC time zone, in keeping with RFC 3339. This is important to note when you configure any external logging system such as a log forwarder or legacy syslog connection.

copy link to clipboardAdd a new Syslog Server

The preferred Syslog configuration is through Connection Manager and Log Forwarders commands and menus. The syslog configuration is specific to the domain it is created in.

Note

Upgraded CipherTrust Manager instances can have existing syslog connections through Admin Settings, which will be removed in a future release. Syslog servers configured as log forwarders can forward client audit records, while syslog servers configured through Admin Settings cannot.

copy link to clipboardAdd a Syslog Connection with Connection Manager

The preferred Syslog configuration is through Connection Manager. Provide the following values:

  • Host: IP address or hostname of the Syslog server.

  • Port: port number for connecting to the Syslog server.

  • Transport Format: select the transport mode for sending data. The TLS mode requires a trusted CA certificate in the PEM format.

    Note

    If you set the transport format to UDP, log messages are limited to a size of 1024 bytes. After this size, the log message is truncated.

  • CA Cert: either upload the CA certificate or paste the certificate content. Make sure the server certificate contains the valid IP SANs.

  • Upload CSR: select and click Upload CSR to upload the trusted CA certificate from your machine.

  • Text: select and paste the certificate content in the text field.

  • Message Format: select the log message format.

copy link to clipboardAdd a Syslog Log Forwarder

Once you have added a syslog connection, you can create a syslog log forwarder on CipherTrust Manager to forward KMIP activity logs, NAE activity logs, server audit records, and client audit records to Syslog server.

To add a Syslog log forwarder, you must provide:

  • a connection ID of the Syslog connection manager (refer to Connection Manager for details)

  • a connection name for the log forwarder configuration

You can optionally activate/deactivate:

  • forward logs for activity kmip

  • forward logs for activity nae

  • forward logs for client audit records

  • forward logs for server audit records

copy link to clipboardSyntax for Syslog

ksctl log-forwarders add syslog --name <name of log forwarder> --connection-id <Syslog ConnectionID/Name> --forward-client-audit-records <true/false> --forward-logs-activity-kmip <true/false> --forward-logs-activity-nae <true/false> --forward-server-audit-records <true/false>]

copy link to clipboardLog Forwarder Redirection

Log forwarder redirection is a setting to send audit records, NAE activity logs, or KMIP activity logs from a child domain to the log forwarder configured for a higher-level domain.

When an audit record, NAE activity log, or KMIP activity log is created in a child domain with log forwarder redirection, CipherTrust Manager checks the domain's immediate parent for a configured log forwarder. If the immediate parent also has log redirection enabled, CipherTrust Manager also checks its parent, the child domain's grandparent, for a configured log forwarder. CipherTrust Manager continues checking for log forwarders further up the domain hierarchy every time it finds the log redirection setting. Every time CipherTrust Manager finds a configured log forwarder in a domain, it forwards log messages to that log forwarder.

Note

  • Log forwarder redirection can be enabled even if higher level domains do not have a log forwarder configured. In that situation, logs from the child domain are not forwarded.

  • If you have log redirection enabled and log forwarders configured at multiple consecutive levels in a domain hierarchy, the same log message can be forwarded to multiple log forwarders. To consolidate messages, we recommend configuring only one log forwarder in a domain hierarchy, at the highest domain level possible.

  • We recommend that administrators of parent domains are aware of log forwarding settings for child domains. If there is a need to track where logs from a particular domain are forwarded, employees from your organization might need to login to several domains to view log forwarder and log forwarder redirection settings.

Users in the Domain Admins or Application Administrators group, such as admin can enable or disable log forwarder redirection. When a new child domain is created, log forwarder redirection is enabled by default. Existing child domains which were created in a version lower than 2.16.0 have log forwarder redirection disabled after upgrade.

Enabling or disabling log forwarder redirection in web console UI:

  1. Login to the child domain as a user in the Domain Admins or Application Administrators group, such as admin.

  2. Navigate to Admin Settings > Logs.

  3. Click the Redirect Log Forwarder toggle to enable or disable log forwarder redirection.

Enabling or disabling log forwarder redirection in ksctl CLI:

Login to the child domain as a user in the Domain Admins or Application Administrators group, such as admin. For example:

ksctl login --user <user_with_domain_admin_permission> --password <user_password> --domain <domain_name_or_id>

  • The following command disables log forwarder redirection.

    ksctl domains log-forwarders-redirection disable

  • The following command enables log forwarder redirection.

    ksctl domains log-forwarders-redirection enable

  • The following command displays log forwarder redirection status

    ksctl domains log-forwarders-redirection status

copy link to clipboardModifying Legacy Connection to a Syslog Server

Updating a syslog server connection managed through Connection Manager is described on the Connection Manager page. The following instructions describe how to update legacy syslog server connections managed through admin settings. The table below indicates editable parameters.

ParameterDescription
Hostname or IP addressHostname or IP address of the Syslog server.
PortPort of the Syslog server. The default port is 514.
Log Format

Format in which the audit records are transferred to the Syslog server. The options are:

  • CEF
  • LEEF
  • RFC5424
  • Plain Message

The default log format is RFC5424. This format adheres to the Syslog Protocol RFC 5424 guidelines.

TransportTransport protocol for the Syslog connection. The options are UDP, TCP, and TLS.
The default protocol is UDP. With UDP, log messages are limited to a size of 1024 bytes. After this size, the log message is truncated.
CertificateTrusted CA certificate in the PEM format. This field is available when the transport protocol is TLS.

To modify the connection to a legacy Syslog server:

  1. Log on to the CipherTrust Manager console as administrator.

  2. Click Admin Settings to open the application.

  3. Click Notifications > Syslog. The Syslog Settings section is displayed on the right. This section displays the configured connections to Syslog servers.

  4. Click the ellipsis icon corresponding to the desired connection and click Edit.

    Note

    To delete a connection, click Delete.

  5. Modify the fields as required.

  6. Save the changes.

copy link to clipboardManaging Syslog Messages Redirection to Parent Domain (Legacy Syslog) using ksctl

Syslog messages redirection allows you to send the legacy syslog messages of the current domain to the syslog server configured in its parent domain. If the current domain is receiving the syslog messages from its child domain, those syslog messages will also be sent to the syslog server configured in the parent domain of the current domain.

On this page