Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Auditlog to Remote Syslog

SOLVED
Go to solution
honeymonster
Occasional Contributor
‎08-18-2016 07:25:AM
‎08-18-2016 07:25:AM

Auditlog to Remote Syslog

Has anyone had joy with getting the VTM auditlog to output to a remote syslog server?  I have set the global option auditlog!via_syslog=yes and also set the alerting actions to output to syslog.  The "update and test" syslog works fine and an info message is logged to syslog whenever a configuration change is made, but it does not log the whole auditlog to syslog (usernames, timestamps, actions etc).

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
honeymonster
Occasional Contributor
‎08-24-2016 07:56:AM
‎08-24-2016 07:56:AM

Re: Auditlog to Remote Syslog

FYI, I raised a support request and it turns out not to be a bug but by design (although the wording is very misleading!).  The "auditlog!via_syslog"  global option only logs to a local syslog server.  To log to a remote syslog server you need to select the "auditlog!via_eventd" global option.  You can then configure your remote syslog server as a new alerting action and set the "Audit Events" event to point to that action.

View solution in original post

4 REPLIES 4
Baptiste Assmann
Occasional Contributor
‎08-22-2016 04:45:AM
‎08-22-2016 04:45:AM

Re: Auditlog to Remote Syslog

Hi,

 

What version of vtm are you running?

 

Baptiste

0 Kudos
honeymonster
Occasional Contributor
‎08-23-2016 12:14:AM
‎08-23-2016 12:14:AM

Re: Auditlog to Remote Syslog

Version 11

0 Kudos
Baptiste Assmann
Occasional Contributor
‎08-24-2016 12:49:AM
‎08-24-2016 12:49:AM

Re: Auditlog to Remote Syslog

Could you please raise a support ticket?

It looks like a bug and I can reproduce it (tcpdump don't show any syslog packets leaving the vtm).

 

Baptiste

0 Kudos
honeymonster
Occasional Contributor
‎08-24-2016 07:56:AM
‎08-24-2016 07:56:AM

Re: Auditlog to Remote Syslog

FYI, I raised a support request and it turns out not to be a bug but by design (although the wording is very misleading!).  The "auditlog!via_syslog"  global option only logs to a local syslog server.  To log to a remote syslog server you need to select the "auditlog!via_eventd" global option.  You can then configure your remote syslog server as a new alerting action and set the "Audit Events" event to point to that action.

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.