You can configure audit event logs to send to syslog server (cluster-wide). Audit events include connection, closure, and failures. Failures include the reason, the initiator, and the target. For example, a certificate validation failure will include the initiator and the target.

Debug logging to syslog server is available and is appliance specific (see Debug).

To configure audit event logs to send to a syslog server

  1. You will need a configured syslog server. If you have not configured a syslog server, you will see a message like this: To configure additional debut logging options, you need to configure a syslog server. Click Configure a syslog server. For more information, see Configuring and verifying a syslog server.
  2. Navigate to External Integration > Syslog Events.
  3. The Syslog Events pane displays the following.
Table 138: Syslog server: Properties
Property Description

Syslog Server

The name of the syslog server

Facility The type of program being used to create syslog messages (for example, User or Mail)

Log Format

The format which can be CEF or JSON

Description The description of the syslog event
# of Events The number of events selected to be logged to the syslog server

Use these toolbar buttons to manage the syslog server configurations

Table 139: Syslog server: Toolbar
Option Description
Add Add a new syslog server configuration. For more information, see Configuring and verifying a syslog server.
Remove

Remove the selected syslog server configuration from SPP.

Edit Modify the selected syslog server configuration.
Copy Syslog Template Clone the selected syslog server configuration.
Refresh Update the list of syslog server configurations.

Send Test Event

  • To send a test message to the designated syslog server