Forwarding logs to a remote syslog server

In IBM Security Verify Governance 10.0.1 Fix Pack 2, you can configure the Identity Manager virtual appliance to forward the contents of specific log files to a remote syslog server.

About this task

As an administrator, you may want to send the logs to an external server for centralized storage or to meet compliance requirements.

When you enable remote syslog forwarding, the feature monitors the specified local log files. Each new entry written to one of those files is sent to a preconfigured remote syslog server.

Procedure

  1. Log in to IBM Security Verify Governance.
  2. Go to Monitor > Logs > Remote Syslog Forwarding.
    To begin using this feature, you must first configure the source details and the remote server information.
  3. In the Remote Syslog Forwarding page, click Add.
    In the Add Remote Syslog Forwarder Details dialog, provide the following information for the remote syslog server.
    • Server: The IP address or the hostname of the remote syslog server to which you want to forward the system logs.
    • Port: The port number on which the remote syslog server listens for requests.
    • Protocol: Select the protocol (TCP or UDP) to be used to communicate with the remote syslog server.
    • Format: Select the format (BSD Syslog Protocol or Syslog Protocol) in which you want to send the system logs.
    Click Save Configuration.
    You can configure only one remote syslog server at a time. After you configure a remote syslog server, the Add button is disabled.
  4. To update the existing remote syslog server configuration, click Edit. Modify the settings as required, and then click Save Configuration.
  5. To delete the remote syslog server configuration, click the Delete tab. A confirmation message appears. Click Yes to delete the configuration.
  6. To refresh the currently added remote syslog server details, click Refresh.
  7. Next, you must provide the details about the system log files that should be forwarded. In the Remote Syslog Forwarding page, click the Sources tab.
    In the Add Remote Syslog Forwarder Source window, provide the following details:
    • Name: Select a log source from the drop-down list.
    • Instance Name: This option is only available if you select Name as IsimNode.
    • Logs File: When you select Name as IsimNodes, Install logs, or IsimDmgr, the respective log file is automatically shown in the Log File drop-down list.
    • Tag: Enter a file name for the system log file to be forwarded. This tag name must be unique across all the sources, and must not contain any spaces. The only special character allowed in the tag name is the underscore (_) character. Example: My_Tag and MyTag are valid tag names, whereas My Tag, My%tag, and My@tag are not valid tag names.
    • Facility: Select a category name for the system log to be forwarded. For more details, see this page.
    • Severity: Select a severity level for the system log entries.
    Click Save Configuration. In a similar manner, you can configure multiple sources.
  8. You have successfully configured the remote syslog forwarding feature. When there are any updates to the specified log files, the log messages are sent to the remote syslog server and saved to the file with the name that you specified in the Tag field.
    Note:
    • Each line in the appliance standard log file is treated as a separate remote syslog message.
    • All the messages from a single log file are sent to the remote syslog server using the same facility and severity, as specified in the configuration.
    • The rsyslog forwarding mechanism implements LF-based framing.
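
A receiver-side check for the behavior in the notes above, as an added example that is not IBM's code: it splits an LF-framed TCP stream into messages, decodes the `<PRI>` prefix into facility and severity, flags messages that differ from the configured source, and validates tag names against the rule in step 7. The function names, the sample messages, and the reading of "special character" as anything outside ASCII letters and digits are assumptions.

```python
import re

# Tag rule from the Tag field description (assumption: ASCII letters, digits
# and underscore are the only characters accepted).
TAG_RE = re.compile(r"[A-Za-z0-9_]+")
PRI_RE = re.compile(rb"<(\d{1,3})>")

def is_valid_tag(tag, existing=()):
    """True if the tag has no spaces or special characters and is unique."""
    return bool(TAG_RE.fullmatch(tag)) and tag not in existing

def split_lf_frames(buffer):
    """Split a TCP byte stream into LF-terminated messages.
    Returns (complete_messages, unterminated_remainder)."""
    *frames, rest = buffer.split(b"\n")
    return [f for f in frames if f], rest

def decode_pri(message):
    """Decode the leading <PRI> into (facility, severity, remainder).
    PRI = facility * 8 + severity in both syslog formats."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, message[m.end():]

def check_stream(buffer, expected_facility, expected_severity):
    """Return complete messages whose facility/severity differ from the
    values configured for the source."""
    frames, _ = split_lf_frames(buffer)
    mismatches = []
    for frame in frames:
        fac, sev, _ = decode_pri(frame)
        if (fac, sev) != (expected_facility, expected_severity):
            mismatches.append(frame)
    return mismatches

# Constructed sample: two complete messages and one still being received.
SAMPLE = (b"<134>Jan  1 00:00:00 appliance My_Tag: first line\n"
          b"<134>Jan  1 00:00:01 appliance My_Tag: second line\n"
          b"<134>Jan  1 00:00:02 appl")

if __name__ == "__main__":
    msgs, partial = split_lf_frames(SAMPLE)
    print(len(msgs), "complete;", len(partial), "bytes pending")
    print(decode_pri(msgs[0])[:2])      # facility 16 (local0), severity 6
    print(check_stream(SAMPLE, 16, 6))  # no mismatches expected
```

Because framing is LF-based, a receiver must buffer the unterminated remainder until the next read instead of treating each TCP segment as one message.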