SA Cfg: Configure a Destination to Receive Global Audit Logs

Document created by RSA Information Design and Development on Jul 22, 2016. Last modified by RSA Information Design and Development on Dec 2, 2016.
Version 4

In Global Audit Logging, Syslog Notification Servers are the configurations that define the destinations to receive global audit logs. You need to configure a Syslog Notification Server to use Global Audit Logging. You can define a third-party syslog server or a Log Decoder as the destination to receive the audit logs.

Configure a Syslog Notification Server for a Third-Party Syslog Server

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Servers tab.

Note: You do not need to configure the Output tab for Global Audit Logging.

  4. From the drop-down menu, select Syslog.
    The Define Syslog Notification Server dialog is displayed.
  5. Configure the Syslog notification server as described in the following table.

    Field                  Description
    Enable                 Select to enable the notification server.
    Name                   A name to identify or label the third-party syslog server.
    Description            (Optional) A brief description of the notification server.
    Server IP or Hostname  The third-party syslog server hostname or IP address.
    Server Port            The port number where the target syslog process is listening.
    Protocol               The protocol to be used for transferring formatted audit logs to the third-party syslog server.
    Facility               The syslog facility to be used for writing formatted audit logs to the third-party syslog server.

The Max Alerts Per Minute and Max Alert Wait Queue Size fields are not used for Global Audit Logging.

  6. Click Save.

Configure a Syslog Notification Server for a Log Decoder

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Servers tab.

Note: You do not need to configure the Output tab for Global Audit Logging.

  4. From the drop-down menu, select Syslog.
    The Define Syslog Notification Server dialog is displayed.
  5. Configure the Syslog notification server as described in the following table.

    Field                  Description
    Enable                 Select to enable the notification server.
    Name                   A name to identify or label the Log Decoder syslog notification server.
    Description            (Optional) A brief description of the notification server.
    Server IP or Hostname  The Log Decoder hostname or IP address.
    Server Port            The port number where the target syslog process is listening.
    Protocol               The protocol to be used for transferring formatted audit logs to the Log Decoder.
    Facility               The syslog facility to be used for writing formatted audit logs to the Log Decoder.

The Max Alerts Per Minute and Max Alert Wait Queue Size fields are not used for Global Audit Logging.

  6. Click Save.
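
A pre-check for either procedure above, as an added example that is not part of the RSA documentation: the script sends one test line to the destination using the same Server IP or Hostname, Server Port, Protocol and Facility values you enter in the dialog, so you can confirm on the receiver that the listener accepts them. The RFC 3164-style line, the udp/tcp choices, the `sa-test` host name, the `audit-test` tag and the 127.0.0.1:514 destination are assumptions made for this test, not the format Security Analytics emits.

```python
import socket
import time

# Standard syslog facility codes (RFC 3164 / RFC 5424).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY_INFO = 6
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def pri(facility, severity=SEVERITY_INFO):
    """PRI value the receiver routes on: facility * 8 + severity."""
    if facility not in FACILITIES:
        raise ValueError(f"unknown facility: {facility!r}")
    if not 0 <= severity <= 7:
        raise ValueError("severity must be 0..7")
    return FACILITIES[facility] * 8 + severity


def build_message(facility, text, host="sa-test", now=None):
    """Build an RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host tag: text."""
    t = now or time.localtime()
    stamp = (f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} "
             f"{t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}")
    return f"<{pri(facility)}>{stamp} {host} audit-test: {text}".encode()


def send_test(server, port, protocol, facility,
              text="global audit logging destination test"):
    """Send one test line; returns the number of bytes handed to the socket."""
    msg = build_message(facility, text)
    if protocol.lower() == "udp":
        # UDP gives no delivery confirmation: check the receiver's log.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(msg, (server, port))
    if protocol.lower() == "tcp":
        # A refused or timed-out connection here means port or protocol is wrong.
        with socket.create_connection((server, port), timeout=5) as s:
            s.sendall(msg + b"\n")  # newline-delimited framing (assumed)
            return len(msg) + 1
    raise ValueError("protocol must be 'udp' or 'tcp'")


if __name__ == "__main__":
    # Constructed placeholder destination: substitute the dialog values.
    print(send_test("127.0.0.1", 514, "udp", "local4"))
```

If the test line does not show up on the receiver under the expected facility, correct the dialog values or the receiver's listener before relying on the destination for audit logs.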

Next Steps

Select a default Audit Logging template to use for Global Audit Logging. If necessary, you can define your own custom template. The topic "Define a Template for Global Audit Logging" provides additional information.
