Identity and Governance

Log forwarder configuration in IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

Share this post:

Log forwarder configuration in IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

Introduction

Starting from IGI V5.2.4, virtual appliance (VA) has provided a feature to forward all the logs in VA to the centralized log management server. Internally, VA uses “filebeat” as an agent to forward all the VA logs. A user can configure the filebeat from the VA panel by navigating through Manage -> Maintenance -> Log forwarder configuration.

The logs that are forwarded from the VA can be consumed by the external Logstash server or ELK (Elastic Search, Logstash, Kibana dashboards). A user can configure the ELK stack to filter the VA logs, generate various dashboards, etc.

Configuring Log forwarder in VA

Log forwarder can be configured with Logstash server that is running in non-SSL or SSL. Following are the required fields to configure:

Host name or Port fields are mandatory (this is the logstash server host or port). The Tags field is optional, but this field will be useful while filtering out the VA logs on the logstash server or for any other log analysis purposes. If the logstash server is running in SSL, then provide the logstash server SSL port and select the SSL check box. Refer the VA documentation to configure the log forwarder.

Sample Logstash server configuration

Following are the simple steps to configure the logstash server.

  1. Download the logstash install bundle. For example, logstash-5.4.2.tar.gz.
  2. Extract on any Linux server.
  3. Create a configuration file. For example, config, ssl.config.
  4. Run the logstash server.

For example:

$Logstash_install_path/bin/logstash -f non_ssl.config &

A sample non_ssl.config, which outputs logs to text file is as follows:

A sample ssl.config, which outputs logs to text file is as follows:

Java required for Logstash

Use OpenJDK or Oracle Java to run the logstash server. The Logstash server must run with a non-IBM version of Java, Version 1.8 or higher.

Sample SSL certificate creation

To configure the logstash server in SSL, openssl can be used to generate certificates.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

Note: If the server hostname is provided in ssl.config and IP is used while configuring log forwarder in VA, then logs may not get forwarded. For this operation to work, while creating the certificates specify the subject alternative name as follows:

Click here to rate this article

Rate this article :

More Identity and Governance stories
By Ramakrishna Gorthi and DAVID EDWARDS on February 14, 2019

Identity Governance and Intelligence – Custom Rules

Identity Governance and Intelligence – Custom Rules IBM Security Identity Governance and Intelligence (IGI) allows enterprises to manage and govern users, such as to provision, audit and report user access and his activities through life cycle, compliance and analytics capabilities. This blog presents a new resource to assist with extending the functionality of IGI, namely […]

Continue reading

By Leo Farrell and AdrianRinaldi Sasmita on February 12, 2019

OpenBanking: The state hash claim

OpenBanking: The state hash claim When implementing OpenBanking and following the foundation implementers draft  one of the requirements is to include several additional claim values. One of the claim values is s_hash the goal of this claim is to ensure the id_token returned in the authorization code flow matches the request to /authorize triggered by the […]

Continue reading

By Sachin Patil on February 8, 2019

Two-way SSL database configurations with IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

Two-way SSL database configurations with IBM® Security Identity Governance and Intelligence Virtual Appliance (IGI-VA) About one-way SSL and two-way SSL authentication Configuring communication between an SSL server and client can use one-way or two-way SSL authentication. The SSL client is the computer where the IBM Security Identity Governance and Intelligence Server (IGI) is installed, and […]

Continue reading