If you configure syslog server settings, the audit log will always be transferred to the syslog server and stored as the syslog files.
You can select either of the following protocols to transfer the audit log to the syslog server. The output file format is different by the selected protocol.
- TLS1.2/RFC5424
- UDP/RFC3164
Note: When you use UDP/RFC3164, consider the characteristics of UDP (User Datagram Protocol) when designing a network. See
http://www.ietf.org./rfc/rfc3164.txt (Request for Comments) issued by IETF (Internet Engineering Task Force) for more details.
Note: Keep a list of the items such as the IP address you entered in the
Syslog tab on
Edit Audit Log Settings window. You may need to enter them again when an SVP is replaced.
- You must have Audit Log Administrator (View & Modify) role to configure syslog server settings.
- Make sure that the storage system is connected to syslog servers on a LAN.
- Make sure that the syslog servers are configured so as to transfer audit logs to the syslog servers.
- The syslog server certificate and the client certificate are required to use TLS1.2/RFC5424.
- If you use the new syslog protocol (TLS1.2/RFC5424), you must specify, for subjectAltName or CommonName in the syslog server certificate, the host name or IP address of the syslog server.
- If you specify the host name of the syslog server as the transfer destination, you must register the host name and domain name of the syslog server in the DNS server.
CAUTION:
If audit logs are transferred before configuring the setting of a syslog server to which the audit logs are transferred, the logs are not saved on the syslog server and lost. See the user manual of the syslog server for the details of the syslog server setting.