Configuring Syslog Server Settings
- Log into the KeyControl webGUI using an account with Security Admin privileges.
- In the top menu bar, click Settings.
- In the System Settings section, click Syslog Server.
- On the Syslog Server Settings page, specify the options you want to use.
- Click Apply.
Important: If you plan to use an external syslog server for your audit logs, you must also complete the following:
- Configure your syslog server to receive messages from each of the KeyControl nodes in the cluster. The syslogd flags that specify the KeyControl nodes should contain names that are resolvable. Make sure that your /etc/hosts file is set up correctly, with either IP addresses or hostnames. If you use hostnames, make sure that reverse lookups work on the syslog server.
- Add the tag hcs_audit to your syslog.conf file. The FreeBSD example below directs all hcs_audit messages to the log file /var/log/hcs_audit.log:

    ! hcs_audit
    *.* /var/log/hcs_audit.log
    ! -hcs_audit

- Make sure the audit log file is only writeable by root. For example:

    # touch /var/log/hcs_audit.log
    # chmod 0600 /var/log/hcs_audit.log

- Configure your rc.conf file. For example, the following should be set prior to the changes to syslog.conf:

    syslogd_enable="YES"
    syslogd_flags="-a kps1.domain -a kps2.domain -v"

- Restart the syslog daemon and verify that audit records generated by every KeyControl node are being written to the hcs_audit.log file by logging out and then logging back in on each of the KeyControl nodes in the cluster. When you are done, examine the audit log to make sure those logins were properly recorded.

If messages are not being added, use tcpdump to make sure that packets are arriving at the syslog server. If the packets are arriving, check the documentation for your syslog server to make sure the configuration is correct.
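
The verification step above can be scripted on the syslog server. The following is an added example, not part of the KeyControl documentation: it checks that the audit log is mode 0600 and owned by root, and reports any node that has no record in the file. The function name, the AUDIT_OWNER_UID override and the sample record are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not vendor code). Run on the syslog server after the restart.
# Usage: check_audit_log LOGFILE NODE [NODE...]
# NODE is the hostname as it appears in each record, e.g. the names given to -a.
# AUDIT_OWNER_UID is a hypothetical override for the expected owner (default 0).

check_audit_log() {
    log=$1; shift
    rc=0
    if [ ! -f "$log" ]; then
        echo "FAIL: $log does not exist"
        return 2
    fi

    # "ls -ln" prints the mode string first and the numeric owner uid third.
    meta=$(ls -ln "$log" | awk '{ print substr($1, 1, 10) " " $3 }')
    mode=${meta% *}
    uid=${meta#* }
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL: mode is $mode, expected -rw------- (0600)"
        rc=1
    fi
    if [ "$uid" != "${AUDIT_OWNER_UID:-0}" ]; then
        echo "FAIL: owner uid is $uid, expected ${AUDIT_OWNER_UID:-0}"
        rc=1
    fi

    # A node counts as reporting only if its name is a whole field in a record,
    # so kps1.domain does not match kps1.domain.example.
    for node in "$@"; do
        if awk -v n="$node" '{ for (i = 1; i <= NF; i++) if ($i == n) { hit = 1; exit } }
                             END { exit !hit }' "$log"; then
            echo "OK: records present from $node"
        else
            echo "MISSING: no records from $node"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed record (not real KeyControl output); kps2 is missing.
demo=$(mktemp)
echo 'Jan  5 10:00:01 kps1.domain hcs_audit: constructed login record' > "$demo"
chmod 0600 "$demo"
AUDIT_OWNER_UID=$(id -u)
check_audit_log "$demo" kps1.domain kps2.domain || echo "check failed: $?"
rm -f "$demo"
```

On the real server, leave AUDIT_OWNER_UID unset so the owner is checked against root, and pass /var/log/hcs_audit.log with the same node names used in syslogd_flags.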