Identity and Governance

Log forwarder configuration in IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

Share this post:

Log forwarder configuration in IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

Introduction

Starting from IGI V5.2.4, virtual appliance (VA) has provided a feature to forward all the logs in VA to the centralized log management server. Internally, VA uses “filebeat” as an agent to forward all the VA logs. A user can configure the filebeat from the VA panel by navigating through Manage -> Maintenance -> Log forwarder configuration.

The logs that are forwarded from the VA can be consumed by the external Logstash server or ELK (Elastic Search, Logstash, Kibana dashboards). A user can configure the ELK stack to filter the VA logs, generate various dashboards, etc.

Configuring Log forwarder in VA

Log forwarder can be configured with Logstash server that is running in non-SSL or SSL. Following are the required fields to configure:

Host name or Port fields are mandatory (this is the logstash server host or port). The Tags field is optional, but this field will be useful while filtering out the VA logs on the logstash server or for any other log analysis purposes. If the logstash server is running in SSL, then provide the logstash server SSL port and select the SSL check box. Refer the VA documentation to configure the log forwarder.

Sample Logstash server configuration

Following are the simple steps to configure the logstash server.

  1. Download the logstash install bundle. For example, logstash-5.4.2.tar.gz.
  2. Extract on any Linux server.
  3. Create a configuration file. For example, config, ssl.config.
  4. Run the logstash server.

For example:

$Logstash_install_path/bin/logstash -f non_ssl.config &

A sample non_ssl.config, which outputs logs to text file is as follows:

A sample ssl.config, which outputs logs to text file is as follows:

Java required for Logstash

Use OpenJDK or Oracle Java to run the logstash server. The Logstash server must run with a non-IBM version of Java, Version 1.8 or higher.

Sample SSL certificate creation

To configure the logstash server in SSL, openssl can be used to generate certificates.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

Note: If the server hostname is provided in ssl.config and IP is used while configuring log forwarder in VA, then logs may not get forwarded. For this operation to work, while creating the certificates specify the subject alternative name as follows:

Click here to rate this article

Rate this article :

More Identity and Governance stories
By David Edwards on April 15, 2019

IGDM Part 3 – Implementing the Identity Governance Data Model

This blog is the third in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to standardize identity management and governance data […]

Continue reading

By David Edwards on April 15, 2019

IGDM Part 2 – Validating the Proposed Identity Governance Data Model

This blog is the second in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to standardize identity management and governance data […]

Continue reading

By David Edwards on April 15, 2019

IGDM Part 1 – Proposing an Identity Governance Data Model

This blog is the first in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to standardize identity management and governance data […]

Continue reading