It is the responsibility of the Appliance Administrator to configure Safeguard for Privileged Passwords to log event messages to a syslog server. The steps below cover configuration.
Other considerations:
- For event messages to be logged, you must configure Safeguard for Privileged Passwords to send alerts. For more information, see Configuring alerts.
- The syslog client certificate will be used. For more information, see Syslog Client Certificate.
Some of the actions performed from Syslog in the desktop client are found in the web client under Syslog Events and Debug.
- Go to Syslog:
  - web client: Navigate to External Integration | Syslog.
  - desktop client: Navigate to Administrative Tools | Settings | External Integration | Syslog.
- Click Add to display the Syslog Server dialog.
- In the Syslog Server dialog, enter the following:
  - Name: Enter a descriptive name for the syslog server.
  - Network Address: Enter the IP address or FQDN of the syslog server. Limit: 255 characters.
  - Port: Enter the port number for the syslog server. Default: 514. Range: between 1 and 32767.
  - Protocol: Select the network protocol and syslog header type:
    - UDP (RFC 3164): Sends messages over UDP using the syslog header format specified in RFC 3164. (desktop client)
    - UDP (RFC 5424): Sends messages over UDP using the syslog header format specified in RFC 5424.
    - TCP (RFC 5424): Sends messages over TCP using the syslog header format specified in RFC 5424. TCP is required for TLS options.
  - If you selected a Protocol of TCP (RFC 5424), additional selections can be made to configure Safeguard for Privileged Passwords to use Transport Layer Security (TLS). This provides encrypted communication with the syslog server instead of plain text over TCP.
    - In the web client, select Use TLS Encryption or in the desktop client, select Use TLS (Requires TCP).
    - Verify Syslog Server Certificate: If selected, messages are sent only if Safeguard for Privileged Passwords is able to verify the authenticity of the syslog server TLS certificate. If Safeguard for Privileged Passwords cannot resolve the syslog server TLS certificate to a trusted root, the message will not be sent.
    - Use Client Certificate: Select this option if the syslog server requires clients to authenticate. You should also set the syslog client certificate appropriately. For more information, see Creating a syslog client Certificate Signing Request.
  - The following settings are available in the desktop client. For the web client, the same capabilities are available from Syslog Events and Debug.
    - Format: Select between Common Event Format (CEF) or JavaScript Object Notation (JSON).
    - Description: Enter the description of the syslog event.
    - For Events, click Browse then select the check boxes of the Events to which you want to subscribe. You can enter characters then click Search to limit the events that are displayed. Click OK.
    - Facility: Select which syslog facility to use, for example User or Mail.
- Click OK to save your selection and add the syslog server configuration.
- You can verify the syslog server. See the next section.
To verify a syslog server
desktop client: Navigate to Administrative Tools | Settings | External Integration | Syslog.
- When configuring the syslog server, add the test event. For more information, see To configure a syslog server.
- Select the syslog server configuration on the grid you want to test.
- Select Send Test Event. Safeguard for Privileged Passwords logs a test message to the designated syslog server.
web client: Navigate to External Integration | Syslog Event. Click Send Test Event. For more information, see Syslog Events.
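
A receiver-side check for the test event, as an added example that is not part of the product documentation: it classifies a received line as RFC 3164 or RFC 5424, decodes the facility from the PRI value, detects a CEF or JSON payload, and reports any difference from the settings chosen in the Syslog Server dialog. The sample lines, host name and vendor fields are constructed, and the exact layout of the appliance's messages is an assumption.

```python
import json
import re

# Facility names by numeric code (RFC 5424 section 6.2.1; RFC 3164 uses the same codes).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
RFC5424 = re.compile(r"^<(\d{1,3})>1 \S+ \S+ \S+ \S+ \S+ "
                     r"(?:-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?$", re.S)
RFC3164 = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ (.*)$", re.S)

def payload_format(msg):
    """Return 'CEF', 'JSON' or 'unknown' for the message part of a syslog line."""
    cef = re.search(r"CEF:\d+\|", msg)
    # A CEF record has seven pipe-delimited header fields before the extension.
    if cef and len(re.split(r"(?<!\\)\|", msg[cef.start():])) >= 8:
        return "CEF"
    try:
        start = msg.index("{")
        return "JSON" if isinstance(json.loads(msg[start:]), dict) else "unknown"
    except ValueError:  # no "{" found, or the text after it is not valid JSON
        return "unknown"

def classify(line):
    """Identify header type, facility, severity and payload format of one line."""
    for header, pattern in (("RFC 5424", RFC5424), ("RFC 3164", RFC3164)):
        m = pattern.match(line)
        if m and int(m.group(1)) <= 191:  # max PRI: facility 23 * 8 + severity 7
            pri = int(m.group(1))
            return {"header": header, "facility": FACILITIES[pri >> 3],
                    "severity": pri & 7, "format": payload_format(m.group(2) or "")}
    return None

def mismatches(line, header, facility, fmt):
    """Compare a received line with the settings chosen in the Syslog Server dialog."""
    got = classify(line)
    if got is None:
        return ["line is not RFC 3164 or RFC 5424 syslog"]
    want = {"header": header, "facility": facility, "format": fmt}
    return [f"{k}: expected {v}, got {got[k]}" for k, v in want.items() if got[k] != v]

# Constructed sample lines, not captured from a real appliance.
SAMPLE_5424 = ('<14>1 2024-01-01T00:00:00Z appliance.example app - - - '
               'CEF:0|ExampleVendor|ExampleProduct|1.0|TestEvent|Test|1|msg=test')
SAMPLE_3164 = '<22>Jan  1 00:00:00 appliance.example {"EventName": "TestEvent"}'

if __name__ == "__main__":
    print(mismatches(SAMPLE_5424, "RFC 5424", "user", "CEF"))
    print(mismatches(SAMPLE_3164, "RFC 5424", "user", "CEF"))
```

An empty list means the received line matches the Protocol header type, Facility and Format that were configured; each entry otherwise names the setting that differs.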