Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
| cloudappliance/syslog [2019_10_04 06:27] – [SME Appliance:] jim | cloudappliance/syslog [2019_10_21 17:58] – [Step 1] steven | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== File Fabric Audit Logs ====== | ====== File Fabric Audit Logs ====== | ||
| - | The Audit logs are available when logged in as the team Admin from the Audit Reports section | + | File Fabric audit logs are event logs that are generated based on file events that occur through |
| - | These can be filters | + | |
| + | The Audit logs are available when logged in as the tenant Admin from the Audit Reports section of the Admin options. | ||
| + | |||
| + | The granularity of the audit events | ||
| + | |||
| + | Audit logs can be filtered, archived, | ||
| + | |||
| + | Audit logs can capture information that is specific to a tenant user, but also file sharing information such as the remote IP address of users accessing file shares. System tasks can also be captured by the audit event logs, dependent on the granularity that has been set. Audit events that have an IP address of 1.1.1.1 are system generatd events, that may or may not be based on user interaction. | ||
| If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. | If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. | ||
| Line 13: | Line 20: | ||
| ====== Writing File Fabric Audit Logs to syslog ====== | ====== Writing File Fabric Audit Logs to syslog ====== | ||
| - | ===== Step 1 ===== | + | ===== Step 1 - Appliance Admin Setting |
| syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags can subsequently be integrated into log aggregation tools such as Splunk. | syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags can subsequently be integrated into log aggregation tools such as Splunk. | ||
| + | |||
| + | Splunk is widely used among enterprise security teams for breach investigations. Enabling syslog provides the ability to feed audit events into Splunk, enabling conmpanies to evaluate potential data breaches through the same means they use to investigate issues with other internally used applications and/or services. | ||
| The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting " | The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting " | ||