Configuring Syslog service

Configure the Control Room to export Audit Log entries in Syslog format to remote Syslog-compatible log management servers.

Prerequisites

Ensure the Syslog servers are configured and ready.

Pushing Audit Log entries to remote Syslog servers enables you to integrate with security information and event management (SIEM) solutions and leverage their advanced searching and reporting features. To configure the server(s) where audit records will be sent in standard Syslog format, do the following:

Procedure

  1. Navigate to Administration > Settings > Syslog Service.
  2. Click Edit.
  3. Click the plus icon.
  4. Enter the following Syslog server details.
    Name                      Description
    Syslog Server Hostname    Fully Qualified Domain Name (FQDN) or IP Address of the remote Syslog server to send records.
    Port                      Port that the remote Syslog server uses to receive incoming Syslog records (for example, 514)
    Protocol                  Network protocol that the Syslog server uses (TCP or UDP)
    Use Secure Connection     Use a TLS encrypted channel to send Syslog records to the remote server. This option is available for TCP protocol only.

  5. Click the plus icon to add more servers and enter server details.
  6. Click Save changes.

Next steps

After you configure the Syslog server(s) in the Control Room, each time there is an entry recorded in the Audit Log, a corresponding message is generated and sent to the configured Syslog server. Older entries of the Audit Log will not be available in the Syslog server.
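
A preflight check for the prerequisite above, written as an added example (not Control Room code): it validates one server entry against the rules in the settings table and sends a single test record, so a closed port or an untrusted TLS certificate shows up before you save the settings. The RFC 5424 record layout, newline framing on TCP, and the host name and port 6514 in the sample call are assumptions.

```python
import socket
import ssl

# Constructed RFC 5424 test record (PRI 14 = user.info); newline framing on TCP is an assumption.
TEST_RECORD = b"<14>1 - preflight syslog-check - - - constructed test record\n"


def validate_entry(host, port, protocol, secure):
    """Return the problems found in one Syslog server entry (empty list = valid)."""
    problems = []
    if not host.strip():
        problems.append("hostname is empty")
    if not 1 <= port <= 65535:
        problems.append("port out of range")
    if protocol.upper() not in ("TCP", "UDP"):
        problems.append("protocol must be TCP or UDP")
    elif secure and protocol.upper() != "TCP":
        problems.append("secure connection is available for TCP only")
    return problems


def probe(host, port, protocol, secure, timeout=5.0):
    """Send one test record to the server; return (ok, detail)."""
    problems = validate_entry(host, port, protocol, secure)
    if problems:
        return False, "; ".join(problems)
    try:
        if protocol.upper() == "UDP":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.settimeout(timeout)
                sock.sendto(TEST_RECORD, (host, port))
            # UDP is fire-and-forget: confirm arrival on the server itself.
            return True, "sent over UDP (delivery not confirmed)"
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if not secure:
                sock.sendall(TEST_RECORD)
                return True, "sent over TCP"
            # Default context verifies the certificate chain and the hostname.
            context = ssl.create_default_context()
            with context.wrap_socket(sock, server_hostname=host) as tls:
                tls.sendall(TEST_RECORD)
                return True, "sent over " + tls.version()
    except OSError as exc:  # includes ssl.SSLError, DNS failures and timeouts
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Placeholder host and port; replace with the values entered in the Control Room.
    print(probe("syslog.example.internal", 6514, "TCP", True))
```

A successful TCP or TLS result only shows that the server accepted the connection; confirm on the Syslog server that the test record was actually stored.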