Remote System Logging

Remote system logging allows you to send logs from your SafeNet Luna Network HSM to a central syslog server on the network.

You can use lunash:> syslog remotehost to specify the central syslog server.

>Configuring a Remote Syslog Server

>Customizing Remote Logging Severity Levels

Configuring a Remote Syslog Server

Use the following procedure to configure remote system logging. Most Linux distributions include rsyslog as the standard syslog daemon. Refer to your Linux documentation for instructions that describe how to configure rsyslog on Linux.

NOTE   The remote server must have the appropriate port open to receive the logs (UDP port 514 by default). Refer to your operating system and firewall documentation for more information. If you need to use a different port or TCP protocol, specify it when you add the remote server's IP or hostname.

To send logs to a remote syslog server

1.Add the remote server's IP or hostname to the remote logging configuration.

lunash:> syslog remotehost add -host <hostname/IP> [-protocol <protocol>] [-port <port>]

lunash:>syslog remotehost add -host 192.10.10.101

Stopping syslog:                                           [  OK  ]

Starting syslog:                                           [  OK  ]

192.10.10.101 added successfully
Make sure the rsyslog service on 192.10.10.101 is properly configured to receive the logs

Command Result : 0 (Success)

By default, the remote server will now receive lunalogs, messages, secure, and boot logs at the info level and above, and cron logs at the notice level and above. See Customizing Remote Logging Severity Levels to specify which logs to send to which remote server.

2. On the receiving or target system, start the rsyslog daemon or service to allow it to receive logs from your SafeNet Luna Network HSM appliance(s).
Refer to your receiving/logging platform's operating system documentation for more information on configuring and [re]starting the rsyslog daemon or service.

3.Optionally, confirm the remote logging settings.

lunash:> syslog show

Remote Configured Log Levels:
-----------------------------
lunalogs:
  192.10.10.100       info
  192.10.10.101       info
messages:
  192.10.10.100       info
  192.10.10.101       info
cron:
  192.10.10.100       notice
  192.10.10.101       notice
secure:
  192.10.10.100       info
  192.10.10.101       info
boot:
  192.10.10.100       info
  192.10.10.101       info

Customizing Remote Logging Severity Levels

There is no limit on the number of remote logging servers you can add, and you can configure the severity level for each server and log type independently (see Log Severity Levels for a description of the different levels). For example, you could send all log entries produced by the appliance to one remote server, and only entries marked critical or higher to another server.

NOTE   This feature requires minimum appliance software version 7.2. See Version Dependencies by Feature for more information.

To customize remote logging severity

1.Set the severity level for the desired log type (lunalogs,messages,cron,secure,boot), specifying a remote server you already added to the configuration.

lunash:> syslog severity set -logname <logname> -loglevel <loglevel> -host <hostname/IP>

lunash:>syslog severity set -logname lunalogs -loglevel critical -host 192.10.10.101

This command sets the severity level of lunalogs remote log messages.
Only messages with the severity equal to or higher than the new
log level: "critical" will be sent to 192.10.10.101.

Stopping syslog:                                           [  OK  ]

Starting syslog:                                           [  OK  ]

Command Result : 0 (Success)

2.Optionally, confirm the new settings.

lunash:> syslog show

Remote Configured Log Levels:
-----------------------------
lunalogs:
  192.10.10.100       info
  192.10.10.101       critical
messages:
  192.10.10.100       info
  192.10.10.101       info
cron:
  192.10.10.100       notice
  192.10.10.101       notice
secure:
  192.10.10.100       info
  192.10.10.101       info
boot:
  192.10.10.100       info
  192.10.10.101       info

3.Repeat step 1, specifying each log type severity level you wish to customize (lunalogs,messages,cron,secure,boot).