Generating audit records in syslog and LEEF formats
You can use the IBM Security Guardium Key Lifecycle Manager graphical user interface to configure and generate the audit records in syslog or Log Event Extended Format (LEEF) format and send them to a syslog server.
Before you begin
About this task
The audit log messages are written to a configured local audit file in syslog format when:
- Syslog format is enabled for the audit messages.
- Syslog format is enabled, and syslog server hostname and the port number are not specified.
- Syslog format is enabled, syslog server hostname and port number are specified, but the server hostname or port number is not reachable.
Procedure
- Log in to the graphical user interface.
- Click .
- Select Use syslog server.
- Select the log event format such as Syslog or LEEF.
- Specify the syslog server hostname and the port number in the respective fields.
- You can configure a maximum of two syslog servers for forwarding the audit records. To add and configure the second syslog server, click the Add additional syslog server link and specify the hostname and port number.
- If you need the secure transfer of audit information to the syslog server by using the TLS transport protocol, select Use TLS.
- Click OK.
What to do next
1. If the IBM Security Guardium Key Lifecycle Manager TLS server certificate is not already created, create the certificate. To create a server certificate, see Creating a server certificate.
2. Export the IBM Security Guardium Key Lifecycle Manager TLS server certificate that is marked for UI access to a file. To export the certificate, see Downloading a server certificate.
3. Obtain the syslog server certificate as a file, import it, and trust the syslog server certificate in the IBM Security Guardium Key Lifecycle Manager server. To import the syslog server certificate, see Importing a system peripheral certificate.
4. Import the IBM Security Guardium Key Lifecycle Manager server certificate to the syslog server. Use the certificate file that is created in Step 2.
5. Set the IBM Security Guardium Key Lifecycle Manager TLS server certificate alias in the configuration properties file.
   Note: Skip this step if the IBM Security Guardium Key Lifecycle Manager TLS server certificate is created by using the graphical user interface.
   For example,

       PUT https://localhost:port/SKLM/rest/v1/configProperties
       Content-Type: application/json
       Accept: application/json
       Authorization: SKLMAuth userAuthId=139aeh34567m
       Accept-Language: en

       { "config.keystore.ssl.certalias" : "<alias of the server certificate that is created in Step 1>" }
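Because audit records are written to the local audit file whenever the syslog server hostname or port is not reachable, it helps to test each configured target before relying on forwarding. The following pre-flight check is an added example, not IBM code. It assumes TCP transport, does not present a client certificate, and uses constructed hostnames and ports; `check_syslog_target`, `preflight` and `needs_attention` are hypothetical helper names.

```python
import socket
import ssl


def check_syslog_target(host, port, use_tls=False, ca_file=None, timeout=3.0):
    """Classify one target as 'reachable', 'unreachable' or 'tls_failed'."""
    try:
        # Assumption: the audit records travel over TCP.
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # DNS failure, connection refused, or timeout
    with sock:
        if not use_tls:
            return "reachable"
        # Verify the server against ca_file (the syslog server certificate or
        # its issuer, as PEM); None falls back to the system trust store.
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "reachable"
        except (ssl.SSLError, OSError):
            # Untrusted certificate, name mismatch, or no TLS listener.
            return "tls_failed"


def preflight(targets, **options):
    """Check every (host, port) pair; return {(host, port): status}."""
    return {(h, p): check_syslog_target(h, p, **options) for h, p in targets}


def needs_attention(results):
    """Targets that did not pass, sorted for stable output."""
    return sorted(t for t, status in results.items() if status != "reachable")


if __name__ == "__main__":
    # Constructed sample values: replace with the hostnames and ports entered
    # in the graphical user interface (at most two servers).
    targets = [("syslog1.example.internal", 6514),
               ("syslog2.example.internal", 6514)]
    results = preflight(targets, use_tls=True, timeout=2.0)
    for target, status in results.items():
        print(target, status)
    if needs_attention(results):
        print("Check the local audit file: records may not reach the server.")
```

Run it from the key server host so that name resolution and firewall rules match what the product sees.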