Syslog Settings
It’s possible to have StoredSafe send appliance information to a remote syslog server. By default it’s disabled.
┌────────────────────────────────────────────────────────────────────────────┐
│ Network Settings on node1 (Version 2.0.X build XXXX) │
└────────────────────────────────────────────────────────────────────────────┘
┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│View the remote syslog settings │
│2│Change the remote syslog host │
│3│Change the remote syslog port │
│4│Change the remote syslog protocol (UDP or TCP) │
│5│Enable or Disable remote syslog │
│6│Restart the syslog server │
│7│Log level for remote logging │
└─┴──────────────────────────────────────────────────────────────────────────┘
Move the cursor or enter a it's corresponding number (Q to Quit)
Main> System Settings> Network> Syslog>
View the remote syslog settings
Check whether system logs are being sent to a remote syslog server. Shows the current remote syslog status (host, port and protocol).
Remote syslog is DISABLED.
Press any key to continue
Change the remote syslog host
Configure what remote syslog server to use. Currently only one remote syslog server is supported.
Specify remote syslog server? (Q to Quit) <none>: 192.168.1.124
Press any key to continue
Change the remote syslog port
If the remote syslog server is listening on a non-default port, it can be specified here.
Specify port for remote syslog server? (Q to Quit) <none>: 514
Press any key to continue
Change the remote syslog protocol (UDP or TCP)
It’s possible to send syslog via UDP (default) or TCP.
Specify protocol for remote syslog server? (UDP or TCP) (Q to Quit) <udp>: tcp
Press any key to continue
Enable or Disable remote syslog
Enable or disable the sending of logs to a remote server.
Remote syslog is DISABLED.
Enable remote syslog? (<Y>/n):
Restart syslog to activate changes? (<Y>/n):
rsyslog stop/waiting
rsyslog start/running, process 2872
Remote syslog is ENABLED.
Remote syslog server is set to 192.168.1.124 on port 514 using udp.
Press any key to continue
Restart the syslog server
Restart the local syslog server.
rsyslog stop/waiting
rsyslog start/running, process 2928
Remote syslog is ENABLED.
Remote syslog server is set to 192.168.1.124 on port 514 using udp.
Press any key to continue
Log level for remote logging
Specify whether decrypts should be sent to the remote syslog server. By default, only objects marked with “Alert if decrypted” are logged; with this setting enabled, all decrypts are logged and sent to the remote syslog server.
Note
The decrypted content is never logged.
If disabled:
Log all decrypts to the remote syslog server "10.6.1.2"? (<Y>/n):
Press any key to continue
If enabled:
Stop logging all decrypts to the remote syslog server "10.6.1.2"? (<Y>/n):
Press any key to continue
Example
Jun 23 17:21:46 stored.safe.cc storedsafe[10744]: "action=alarm" what="x509 (2391)" user="Sven Svensson (29)" source="10.2.9.7"
Jun 23 17:21:53 stored.safe.cc storedsafe[30747]: "action=alarm-decrypted" what="Emergency use only (1339)" user="Ulrich Bauer (29)" source="10.200.1.89"