SA Cfg: Global Audit Logging Configurations Panel

Document created by RSA Information Design and Development on Jun 25, 2017
Last modified by RSA Information Design and Development on Sep 25, 2017
Version 2

This topic introduces the features of the Administration System view > Global Audit Logging Configurations panel for configuring global audit logging. In the Global Audit Logging Configurations panel, you configure global audit logging by adding configurations that define how global audit logs are forwarded to external syslog systems. Global audit logs are forwarded to the selected Notification Server in your global audit logging configuration using the selected Notification Template. 

Procedures related to global audit logging are described in Configure Global Audit Logging.

To access the Global Audit Logging Configurations panel:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Auditing.

Features

The Global Audit Logging Configurations panel contains a toolbar and a grid. It also provides a view settings link that takes you to the Global Notifications panel where you can view or configure the notification server and template settings. A Syslog notification server and an Audit Logging notification template are required before you can create a global audit configuration.

Toolbar

The following table describes the icons available in the toolbar. 

                     
| Feature | Description |
|---|---|
| Add icon (Add.png) | Adds a global audit logging configuration. |
| Delete icon (Delete.png) | Deletes a global audit logging configuration. |
| Edit icon (Edit.png) | Edits a global audit logging configuration. |

Grid

The following table describes the features in the grid.

                         
| Feature | Description |
|---|---|
| Select checkbox (Select.png) | To select an individual configuration, select the checkbox next to the configuration. To select all configurations, select the checkbox in the title bar of the grid. |
| Name | Displays the name of the global auditing configuration. For example, you can name the configurations based on the destination of the global audit logs, such as HQ SA and My Syslog Server. |
| Notification Server | Displays the Syslog Notification Server selected as the destination for the global audit logs. If you want to forward global audit logs to a Log Decoder, create a Syslog type of Notification Server. Configure a Destination to Receive Global Audit Logs provides instructions on how to create a Syslog Notification Server for global audit logging. |
| Notification Template | Displays the Audit Logging Notification Template selected for the configuration. It defines the format and message fields of the audit log entries. For Log Decoders, use the 10.5 Default Audit CEF Template. You can add or remove fields from the Common Event Format (CEF) template if you have specific requirements. Define a Template for Global Audit Logging provides instructions and Supported CEF Meta Keys describes the available CEF meta keys. For third-party syslog servers, you can use a default audit logging template or define your own format (CEF or non-CEF). Configure Templates for Notifications provides instructions and Supported Global Audit Logging Meta Key Variables describes the available meta key variables. |
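For a third-party syslog destination, a receiver-side check that forwarded audit records still parse as CEF after fields are added to or removed from the template. This is an added example, not RSA's code: the sample record, its vendor and product strings, and the required-key set are constructed assumptions and do not reflect the contents of the 10.5 Default Audit CEF Template.

```python
import re

# CEF header: seven pipe-delimited fields after "CEF:", then the extension.
# A pipe inside a header field is escaped as "\|", so split on unescaped pipes.
# (Simplification: a field ending in an escaped backslash is not handled.)
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# Extension keys are tokens followed by "="; "=" inside a value is escaped "\=".
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\[\]-]+)=")
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker")
    parts = _HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    header = {k: v.replace("\\|", "|").replace("\\\\", "\\")
              for k, v in zip(HEADER_FIELDS, parts[:7])}
    ext, text = {}, parts[7]
    matches = list(_EXT_KEY.finditer(text))
    for i, m in enumerate(matches):
        # A value runs from its "=" to the start of the next key (or end of line).
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        value = text[m.end():end].strip()
        ext[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return header, ext

def missing_keys(line, required):
    """Return the required extension keys that are absent or empty."""
    _, ext = parse_cef(line)
    return sorted(k for k in required if not ext.get(k))

# Constructed sample record (not captured from a real system).
SAMPLE = ("<133>Sep 25 10:15:02 sa-host CEF:0|ExampleVendor|Example Audit|1.0|"
          "LOGIN|User login \\| console|6|"
          "suser=admin src=192.0.2.10 outcome=success "
          "msg=role\\=Administrators granted")

if __name__ == "__main__":
    # Assumed requirement: detection rules need these four keys.
    print(missing_keys(SAMPLE, {"suser", "src", "outcome", "dst"}))
```

Run it against a few records from the receiving syslog server after each template change; a non-empty result means a field your downstream rules depend on is no longer being forwarded.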