You can configure audit event logs to send to syslog server (cluster-wide). Audit events include connection, closure, and failures. Failures include the reason, the initiator, and the target. For example, a certificate validation failure will include the initiator and the target.
Debug logging to syslog server is available and is appliance specific (see Debug).
To configure audit event logs to send to a syslog server
- You will need a configured syslog server. If you have not configured a syslog server, you will see a message like this: To configure additional debut logging options, you need to configure a syslog server. Click Configure a syslog server. For more information, see Configuring and verifying a syslog server.
- Navigate to
External Integration > Syslog Events.
- The Syslog Events pane displays the following.
| Property | Description |
|---|---|
|
Syslog Server |
The name of the syslog server |
| Facility | The type of program being used to create syslog messages (for example, User or Mail) |
|
Log Format |
The format which can be CEF or JSON |
| Description | The description of the syslog event |
| # of Events | The number of events selected to be logged to the syslog server |
Use these toolbar buttons to manage the syslog server configurations
| Option | Description |
|---|---|
 Add |
Add a new syslog server configuration. For more information, see Configuring and verifying a syslog server. |
 Remove |
Remove the selected syslog server configuration from SPP. |
 Edit |
Modify the selected syslog server configuration. |
 Copy Syslog Template |
Clone the selected syslog server configuration. |
 Refresh |
Update the list of syslog server configurations. |
|
Send Test Event |
|