Remote System Logging
Remote system logging allows you to send logs from your SafeNet Luna Network HSM to a central syslog server on the network.
You can use the LunaSH syslog remotehost commands to specify the central syslog server (see syslog remotehost).
>Configuring a Remote Syslog Server
>Customizing Remote Logging Severity Levels
Configuring a Remote Syslog Server
Use the following procedure to configure remote system logging. Most Linux distributions include rsyslog as the standard syslog daemon. Refer to your Linux documentation for instructions that describe how to configure rsyslog on Linux.
NOTE The remote server must have the appropriate port open to receive the logs (UDP port 514 by default). Refer to your operating system and firewall documentation for more information. If you need to use a different port or TCP protocol, specify it when you add the remote server's IP or hostname.
To send logs to a remote syslog server
1.Add the remote server's IP or hostname to the remote logging configuration (see syslog remotehost add).
lunash:>syslog remotehost add -host <hostname/IP> [-protocol <protocol>] [-port <port>]
lunash:>syslog remotehost add -host 192.10.10.101 Stopping syslog: [ OK ] Starting syslog: [ OK ] 192.10.10.101 added successfully Make sure the rsyslog service on 192.10.10.101 is properly configured to receive the logs Command Result : 0 (Success)
By default, the remote server will now receive lunalogs, messages, secure, and boot logs at the info level and above, and cron logs at the notice level and above. See Customizing Remote Logging Severity Levels to specify which logs to send to which remote server.
2. On the receiving or target system, start the rsyslog daemon or service to allow it to receive logs from your SafeNet Luna Network HSM appliance(s).
Refer to your receiving/logging platform's operating system documentation for more information on configuring and [re]starting the rsyslog daemon or service.
3.Optionally, confirm the remote logging settings (see syslog show).
lunash:>syslog show
Remote Configured Log Levels: ----------------------------- lunalogs: 192.10.10.100 info 192.10.10.101 info messages: 192.10.10.100 info 192.10.10.101 info cron: 192.10.10.100 notice 192.10.10.101 notice secure: 192.10.10.100 info 192.10.10.101 info boot: 192.10.10.100 info 192.10.10.101 info
Customizing Remote Logging Severity Levels
There is no limit on the number of remote logging servers you can add, and you can configure the severity level for each server and log type independently (see Log Severity Levels for a description of the different levels). For example, you could send all log entries produced by the appliance to one remote server, and only entries marked critical or higher to another server.
NOTE This feature has software and/or firmware dependencies. See Version Dependencies by Feature for more information.
To customize remote logging severity
1.Set the severity level for the desired log type (lunalogs,messages,cron,secure,boot), specifying a remote server you already added to the configuration (see syslog severity set).
lunash:>syslog severity set -logname <logname> -loglevel <loglevel> -host <hostname/IP>
lunash:>syslog severity set -logname lunalogs -loglevel critical -host 192.10.10.101 This command sets the severity level of lunalogs remote log messages. Only messages with the severity equal to or higher than the new log level: "critical" will be sent to 192.10.10.101. Stopping syslog: [ OK ] Starting syslog: [ OK ] Command Result : 0 (Success)
2.Optionally, confirm the new settings (see syslog show).
lunash:>syslog show
Remote Configured Log Levels: ----------------------------- lunalogs: 192.10.10.100 info 192.10.10.101 critical messages: 192.10.10.100 info 192.10.10.101 info cron: 192.10.10.100 notice 192.10.10.101 notice secure: 192.10.10.100 info 192.10.10.101 info boot: 192.10.10.100 info 192.10.10.101 info
3.Repeat step 1, specifying each log type severity level you wish to customize (lunalogs,messages,cron,secure,boot).