Generating audit records in syslog format
You can use the IBM® Security Guardium® Key Lifecycle Manager graphical user interface to configure and generate the audit records in syslog format and send them to a syslog server.
Before you begin
About this task
The audit log messages are written to a configured local audit file in syslog format when:
- Syslog format is enabled for the audit messages.
- Syslog format is enabled, and syslog server hostname and the port number are not specified.
- Syslog format is enabled, syslog server hostname and port number are specified, but the server hostname or port number is not reachable.
Procedure
- Log in to the graphical user interface.
- Click .
- Select Use syslog format.
- Specify the server hostname or IP address in Syslog server host.
- Specify the port number on which the syslog server listens for requests in Syslog server port.
- To transfer audit information to the syslog server securely by using the TLS transport protocol, select Use TLS.
- Click OK.
What to do next
- If the IBM Security Guardium Key Lifecycle Manager TLS server certificate is not already created, create the certificate. To create a server certificate, see Creating a server certificate.
- Export the IBM Security Guardium Key Lifecycle Manager TLS server certificate that is marked for UI access to a file. To export the certificate, see Downloading a server certificate.
- Obtain the syslog server certificate as a file, import it, and trust the syslog server certificate in the IBM Security Guardium Key Lifecycle Manager server. To import the syslog server certificate, see Importing a system peripheral certificate.
- Import the IBM Security Guardium Key Lifecycle Manager server certificate to the syslog server. Use the certificate file that is created in Step 2.
- Set the IBM Security Guardium Key Lifecycle Manager TLS server certificate alias in the configuration properties file. Note: Skip this step if the IBM Security Guardium Key Lifecycle Manager TLS server certificate is created by using the graphical user interface. For example,

      PUT https://localhost:port/SKLM/rest/v1/configProperties
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en

      { "config.keystore.ssl.certalias" : "<alias of the server certificate that is created in Step 1>" }
- Restart the server. For more information, see Restarting the Guardium Key Lifecycle Manager server.
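Because audit records are written only to the local audit file when the syslog server hostname or port is not reachable, it helps to confirm the endpoint and its certificate before relying on remote collection. The following preflight check is an added example, not IBM code: it assumes the syslog server accepts TCP connections, and the function name, the host `syslog.example.internal`, and port 6514 are placeholders.

```python
import socket
import ssl
import sys


def check_syslog_endpoint(host, port, use_tls=False, ca_file=None, timeout=5.0):
    """Return (ok, detail) for a TCP, and optionally TLS, connection test.

    ca_file is the syslog server certificate (or its issuing CA) in PEM form.
    Limitation: no client certificate is presented, so a server that enforces
    client authentication can still reject the real sender.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Per the page, an unreachable host or port means records stay local.
        return False, f"unreachable: {exc}"
    with sock:
        if not use_tls:
            return True, "tcp connect ok"
        # Verifies the certificate chain and the host name; with ca_file set,
        # only that file is trusted instead of the system CA store.
        ctx = ssl.create_default_context(cafile=ca_file)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert().get("notAfter")
                return True, f"{tls.version()} ok, certificate expires {not_after}"
        except (ssl.SSLError, OSError) as exc:
            return False, f"tls handshake failed: {exc}"


if __name__ == "__main__":
    # Placeholder endpoint (assumption): replace with the values entered in
    # "Syslog server host" and "Syslog server port".
    host = sys.argv[1] if len(sys.argv) > 1 else "syslog.example.internal"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6514
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    ok, detail = check_syslog_endpoint(host, port, use_tls=ca is not None, ca_file=ca)
    print(f"{host}:{port} -> {'OK' if ok else 'FAIL'} ({detail})")
    sys.exit(0 if ok else 1)
```

Run it from the Guardium Key Lifecycle Manager host so that the network path and firewall rules match those of the real sender; passing a third argument (the PEM file) switches the check to TLS.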