Show the Table of Contents

You are here: Administration & Maintenance Manual > HSM Administration > Audit Logging > Audit Logging - Remote file system

Audit Logging (remote file system)

Audit Logging and the HSM Audit role concepts are described here.

 

Remote Audit Logging

With Luna SA, the audit logs can be sent to one or more remote logging servers. Either UDP or TCP protocol can be specified. The default is UDP and port 514.

You or your network administrator will need to adjust your firewall to pass this traffic (iptables).

 

UDP Considerations

If using UDP protocol for logging:   

 

Here is an example to setup a remote Linux system to receive the audit logs using TCP.

  1. Register the remote Linux system IP address or hostname with the Luna SA   
    lunash:> audit remotehost add -host 172.20.9.160 -protocol tcp -port 1660
  2. Modify the remote Linux system “/etc/rsyslog.conf” to receive the audit logs - the following lines highlight the necessary modifications in the rsyslog config file.
    $ModLoad imtcp
    $InputTCPServerRun 514
    $template AuditFormat,"%msg:F,94:2%\n"
    save log messages from Luna SA local3.* /var/log/luna/audit.log;AuditFormat
  3. Modify the remote Linux system “/etc/sysconfig/rsyslog” to receive the remote logs
    # Enables logging from remote machines. The listener will listen to the specified port.
    SYSLOGD_OPTIONS="-r -m 0"
  4. Restart rsyslog daemon on the remote Linux system   
    # service rsyslog restart
  5. Monitor audit logs on the remote Linux system   
    # tail -f /var/log/luna/audit.log

 

 

 

See Also

 

 

Show the Table of Contents