Hosts GS: Set Syslog Forwarding

Document created by RSA Information Design and Development on Jul 27, 2016. Last modified by RSA Information Design and Development on Jul 27, 2016.
Version 2
 

You can configure Syslog forwarding to forward the operating system logs of your Security Analytics Hosts to a remote syslog server. You can use the Set Syslog Forwarding task in the Host Task List to enable or disable syslog forwarding.

Set Up and Start Syslog Forwarding

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a service and Actns.png > View > System.
    The System view for the service is displayed.
  3. In the Services System view toolbar, click Host Tasks.
  4. In the Host Task List, select Set Syslog Forwarding.
    In the Info area, a brief explanation of the task and the task arguments is displayed.
  5. In the Arguments field, do any one of the following.
    • To enable syslog forwarding, specify any one of the following formats:
      • host=<loghost>.<localdomain> (for example, host=syslogserver.local).
      • host=<loghost>.<localdomain>:<port> (for example, host=syslogserver.local:514).
      • host=<IP> (for example, host=10.31.244.244).
      • host=<IP>:<port> (for example, host=10.31.244.244:514).

        The following table lists the parameters used to enable syslog forwarding and their descriptions.

        Parameter     Description
        loghost       The host name of the remote syslog server.
        localdomain   The domain of the remote syslog server.
        IP            The IP address of the remote syslog server.
        port          The port number on which the remote syslog server receives syslog messages.
    • To disable syslog forwarding, type host=disable.
  6. Click Run.
    The result is displayed in the Output area.
    Once syslog forwarding is enabled or disabled, the /etc/rsyslog.conf file is updated automatically to enable or disable forwarding to the remote syslog destination, and the syslog service is restarted. If you enable syslog forwarding, the logs from the configured service are forwarded to the defined syslog server, and forwarding continues until it is disabled.

Note: You can now log in to the remote syslog server and verify if the messages are being received from the Security Analytics services configured for syslog forwarding.
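
To confirm the change from the host side as well, the following added example (not part of the RSA documentation) lists the remote destinations found in an rsyslog configuration file. It assumes the task writes rsyslog's legacy "selector @host:port" forwarding syntax (@ for UDP, @@ for TCP), which this page does not specify; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RSA code. Assumption: forwarding rules use rsyslog's
# legacy "selector @host:port" form (@ = UDP, @@ = TCP). Rules written as
# action(type="omfwd" ...) are not parsed.

# forward_targets FILE: print "proto host port selector" for each rule.
forward_targets() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out rules
        $2 ~ /^@/ {
            dest = $2
            proto = (dest ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", dest)             # strip the @ or @@ prefix
            sub(/^\([^)]*\)/, "", dest)      # strip options such as (z9)
            sub(/;.*$/, "", dest)            # strip a trailing ;template
            host = dest
            port = "514"                     # used when the rule names no port
            if (dest ~ /^\[/) {              # bracketed IPv6 literal
                sub(/\].*$/, "", host); sub(/^\[/, "", host)
                if (dest ~ /\]:[0-9]+$/) { port = dest; sub(/^.*\]:/, "", port) }
            } else if (dest ~ /:[0-9]+$/) {
                port = dest; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            print proto, host, port, $1
        }
    ' "$1"
}

# forwards_to FILE HOST [PORT]: exit 0 if FILE forwards to HOST:PORT.
forwards_to() {
    forward_targets "$1" |
        awk -v h="$2" -v p="${3:-514}" '$2 == h && $3 == p { f = 1 } END { exit !f }'
}

# Constructed sample configuration (not taken from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# ### begin forwarding rule ###
#*.* @@remote-host:514
*.info;mail.none;authpriv.none /var/log/messages
*.* @10.31.244.244:514
authpriv.* @@syslogserver.local
EOF

forward_targets "$SAMPLE"
```

On a host, run forward_targets /etc/rsyslog.conf and compare the result with the host= argument you supplied. Both the @ and @@ forms send messages unencrypted unless TLS is configured separately in rsyslog.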
