Differences

This shows you the differences between two versions of the page.

cloudappliance/syslog [2019_10_04 06:27] – [SME Appliance:] jim
cloudappliance:syslog [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== File Fabric Audit Logs ====== 
- 
-The Audit logs are available when logged in as the team Admin from the Audit Reports section of the Admin options. 
- 
-These can be filters and/or exported. 
- 
-If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. 
- 
-To enable audit logs see [[governance#step4]] 
- 
-To view and export audit logs see [[governance#step5]] 
- 
-====== Writing File Fabric Audit Logs to syslog ====== 
- 
-===== Step 1 ===== 
- 
-syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags can subsequently be integrated into log aggregation tools such as Splunk. 
- 
-The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting "Enable write audit events to syslog" to yes. 
- 
-===== Step 2 ===== 
- 
-Login as org admin to your account and from the Menu on right hand side goto Options --> Security and set "Write Audit Events to syslog file:" to yes The audit logs now will be written to ''%%/var/log/messages%%'' in the appliance 
- 
-====== Sending File Fabric appliance syslog entries to rsyslog service ====== 
- 
-===== File Fabric Appliance: ===== 
- 
-SSH in as ''%%smeconfiguser%%'' and then ''%%su%%'' to ''%%root%%''. Edit ''%%/etc/rsyslog.conf%%'' and at the bottom of file add line: 
- 
-<code>*.*                     @IP_OF_REMOTE_SYSLOG</code> 
-Restart the syslog service: 
- 
-''%%systemctl restart rsyslog%%'' 
- 
-The logs will be sent using UDP protocol and by default port 514 is used. 
- 
-==== Install rsyslog: ==== 
- 
-If you have not already done so, you will need to install and configure rsyslog on a separate machine please see http://www.rsyslog.com/ 
- 
-====== Apache Access Logs ====== 
- 
-You can find apache access logs at at ''%%/etc/httpd/logs%%'' 
-
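Review bot: the whole page is removed by an "external edit" and nothing replaces it in this revision, so the Step 1 and Step 2 instructions for "Enable write audit events to syslog" and the rsyslog forwarding section are dropped with no pointer to where they now live; if the content has moved, leave a link or redirect here. If the text is carried over elsewhere, revise the forwarding section rather than copying it: `*.* @IP_OF_REMOTE_SYSLOG` forwards every facility and priority, not only the audit events, and the single `@` selects UDP (as the page itself notes, port 514), so audit records cross the network unencrypted and can be lost without any error. For audit data, rsyslog's `@@` TCP form, preferably with TLS, is the safer default. The carried-over text should also fix "messags", "These can be filters" and "at at".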