Differences

This shows you the differences between two versions of the page.

cloudappliance/syslog [2019_10_04 12:12]
jim [Step 1]
cloudappliance/syslog [2020_04_30 12:54] (current)
dan
Line 1: Line 1:
 ====== File Fabric Audit Logs ====== ====== File Fabric Audit Logs ======
 +== last edited on: April 30, 2020 ==
  
-File Fabric audit logs are event logs that are generated based on file events that occur through the File Fabric API's and additionally on disocvery ​of multi-cloud files through meta-data synchronization events.+File Fabric audit logs are event logs that are generated based on file events that occur through the File Fabric API's and additionally on discovery ​of multi-cloud files through meta-data synchronization events.
  
  
 The Audit logs are available when logged in as the tenant Admin from the Audit Reports section of the Admin options. The Audit logs are available when logged in as the tenant Admin from the Audit Reports section of the Admin options.
- 
-The granularity of the audit events can be controlled by the tenant Admin. 
  
 Audit logs can be filtered, archived, and/or exported. Audit logs can be filtered, archived, and/or exported.
  
-Audit logs can capture information that is specific to a tenant user, but also file sharing information such as the remote IP address of users accessing file shares. System tasks can also be captured by the audit event logs, dependent on the granularity that has been set. Audit events that have an IP address of 1.1.1.1 are system ​generatd ​events, that may or may not be based on user interaction.+Audit logs can capture information that is specific to a tenant user, but also file sharing information such as the remote IP address of users accessing file shares. System tasks can also be captured by the audit event logs, dependent on the granularity that has been set. Audit events that have an IP address of 1.1.1.1 are system ​generated ​events, that may or may not be based on user interaction.
  
 If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places.
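Review bot: Removing "The granularity of the audit events can be controlled by the tenant Admin." leaves the retained clause "dependent on the granularity that has been set" pointing at a setting the page no longer introduces; keep a one-line mention of where granularity is configured, or reword that clause. The hand-written "last edited on" heading will also drift from the wiki's own revision date. Since 1.1.1.1 is a publicly routable address, the page should say explicitly that it is used here as a marker value, so it is not read as a real client address when the logs are filtered.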
Line 18: Line 17:
 To view and export audit logs see [[governance#​step5]] To view and export audit logs see [[governance#​step5]]
  
-====== Writing File Fabric Audit Logs to syslog ​======+==== Writing File Fabric Audit Logs to syslog ====
  
-===== Step 1 =====+=== Step 1 - Appliance Admin Setting ​===
  
 syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags can subsequently be integrated into log aggregation tools such as Splunk. syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags can subsequently be integrated into log aggregation tools such as Splunk.
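Review bot: The typo pass missed "messags" in the Step 1 paragraph ("Such messags can subsequently be integrated"), which should read "messages". The section heading also drops from ====== to ==== while the page title stays at ======, so the ===== level is skipped; use ===== for this section and ==== for the steps if a contiguous outline is intended.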
Line 28: Line 27:
 The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting "​Enable write audit events to syslog"​ to yes. The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting "​Enable write audit events to syslog"​ to yes.
  
-===== Step 2 =====+=== Step 2 - Organization Admin Setting ​===
  
-Login as org admin to your account and from the Menu on right hand side goto Options ​--> Security and set "Write Audit Events to syslog file:" to yes The audit logs now will be written to ''​%%/​var/​log/​messages%%''​ in the appliance+Login as org admin to your account and from the Menu on right hand side goto Options > Security and set "Write Audit Events to syslog file:" to yes The audit logs now will be written to ''​%%/​var/​log/​messages%%''​ in the appliance
  
-====== Sending File Fabric ​appliance ​syslog ​entries ​to rsyslog ​service ======+==== Sending File Fabric syslog ​Entries ​to rsyslog ​Service ​====
  
-===== File Fabric Appliance: ​=====+=== File Fabric Appliance: ===
  
 SSH in as ''​%%smeconfiguser%%''​ and then ''​%%su%%''​ to ''​%%root%%''​. Edit ''​%%/​etc/​rsyslog.conf%%''​ and at the bottom of file add line: SSH in as ''​%%smeconfiguser%%''​ and then ''​%%su%%''​ to ''​%%root%%''​. Edit ''​%%/​etc/​rsyslog.conf%%''​ and at the bottom of file add line:
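Review bot: The rewritten Step 2 line still runs two sentences together at "to yes The audit logs now will be written" and keeps "goto"; add the full stop after "yes" and write "go to". Because the destination is the shared /var/log/messages file, the step should also say how the audit entries can be told apart from the other system messages written there.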
Line 45: Line 44:
 The logs will be sent using UDP protocol and by default port 514 is used. The logs will be sent using UDP protocol and by default port 514 is used.
  
-==== Install rsyslog: ​====+=== Install rsyslog: ===
  
 If you have not already done so, you will need to install and configure rsyslog on a separate machine please see http://​www.rsyslog.com/​ If you have not already done so, you will need to install and configure rsyslog on a separate machine please see http://​www.rsyslog.com/​
- 
-====== Apache Access Logs ====== 
- 
-You can find apache access logs at at ''​%%/​etc/​httpd/​logs%%''​
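Review bot: The "Apache Access Logs" section is removed with no pointer to where the access log location is now documented; if it moved, link to the new page from here. In the retained context, "The logs will be sent using UDP protocol" deserves a note that UDP delivery is unacknowledged and unencrypted, which matters for audit records, and the rsyslog link could use https.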