cancel
Showing results for 
Search instead for 
Did you mean: 

Auditlog to Remote Syslog

SOLVED
Highlighted
Occasional Contributor

Auditlog to Remote Syslog

Has anyone had joy with getting the VTM auditlog to output to a remote syslog server?  I have set the global option auditlog!via_syslog=yes and also set the alerting actions to output to syslog.  The "update and test" syslog works fine and an info message is logged to syslog whenever a configuration change is made, but it does not log the whole auditlog to syslog (usernames, timestamps, actions etc).

4 REPLIES
Occasional Contributor

Re: Auditlog to Remote Syslog

Hi,

 

What version of vtm are you running?

 

Baptiste

Occasional Contributor

Re: Auditlog to Remote Syslog

Version 11

Occasional Contributor

Re: Auditlog to Remote Syslog

Could you please raise a support ticket?

It looks like a bug and I can reproduce it (tcpdump don't show any syslog packets leaving the vtm).

 

Baptiste

Occasional Contributor

Re: Auditlog to Remote Syslog

FYI, I raised a support request and it turns out not to be a bug but by design (although the wording is very misleading!).  The "auditlog!via_syslog"  global option only logs to a local syslog server.  To log to a remote syslog server you need to select the "auditlog!via_eventd" global option.  You can then configure your remote syslog server as a new alerting action and set the "Audit Events" event to point to that action.