Configuring syslog on Address Manager - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.5.0

BAM allows you to set syslog (system log) redirection from the BAM user interface by adding an IP address for one or more syslog redirection servers.

When configuring syslog service, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on Address Manager. Address Manager filters the content that is written to the local syslog file.

To configure syslog service on the BAM server:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
  2. Under General, click Service Configuration.
  3. From the Service Type drop-down menu, select Syslog. BAM queries the server and returns the current values for the service settings.
  4. Under Local Settings, set the following parameter:
    • ISO 8601 Timestamp—select this checkbox to use the ISO 8601 timestamp format for locally logged messages. The format is as follows: YYYY-MM-DDTHH:mm:ss+-ZONE. For example, 2022-10-13T15:58:00+01:00.

      If you leave this checkbox unchecked, locally logged messages use the legacy BSD timestamp.

  5. Under Add Remote Syslog Server, set the following parameters:
    • Server—enter the IP address for a syslog server.
    • Port—enter the port used to connect to the syslog server.
    • Level—select the logging level that is sent to the syslog server. The logging level can be one of the following:
      • Informational—informational messages of system events.
      • Notice—indicates normal but significant conditions within the system.
      • Warning—indicates warning conditions within the system.
      • Error—indicates error conditions within the system.
      • Critical—indicates critical conditions within the system.
      • Alert—indicates that action must be taken immediately.
      • Emergency—indicates that the system is unusable.
    • Use RFC5424 Syslog Protocol—select this checkbox to use the RFC5424 syslog protocol for syslog messages. For more information on RFC5424, refer to https://datatracker.ietf.org/doc/rfc5424/.

      If you leave this checkbox unchecked, syslog messages use the legacy BSD RFC3164 syslog protocol. For more information on RFC3614, refer to https://datatracker.ietf.org/doc/rfc3164/.

    • ISO 8601 Timestamp—select this checkbox to use the ISO 8601 timestamp format for syslog messages redirected to a remote syslog server. The format is as follows: YYYY-MM-DDTHH:mm:ss+-ZONE. For example, 2022-10-13T15:58:00+01:00.
      Note:
      • If you select Use RFC5424 Syslog Protocol, this field is automatically enabled.
      • If you leave this checkbox unchecked, syslog messages use the legacy BSD timestamp.
    • Under Service Type, select the services for which syslog messages are generated. You can select APIv1 Diagnostics, APIv2 Diagnostics, or All Other Services.
    • Transport—select the transport protocol used to connect to the syslog server. You can select TCP, UDP, or TLS.
      If you select TLS, the following additional fields appear:
      • Peer Verify—select the verification method of the remote peer. You can select one of the following:
        • required-trusted—the connection is TLS-encrypted if the remote peer has a valid certificate.
        • required-untrusted—the connection is TLS-encrypted if the remote peer has an invalid certificate or valid certificate.
        • optional-trusted—the connection is TLS-encrypted if the remote peer has no certificate or a valid certificate.
        • optional-untrusted—the connection is TLS-encrypted if the remote peer has no certificate, an invalid certificate, or a valid certificate.
          Note: If you set the Peer Verify method to optional-untrusted, the CA certificate is optional.
      • CA Certificate Upload—upload a valid CA certificate used to verify the server certificate during the TLS handshake. The CA certificate must be in PEM format.
      • Client Certificate Upload(Optional) upload a valid client certificate to use for authentication. The client certificate must be in PEM format.
      • Client Private Key(Optional) upload a valid client private key to use for authentication. The client private key must be in PEM format and must not be password-protected.
        Attention: If you upload a Client Certificate Upload, you must also upload a Client Private Key.
      Note: If you select TLS as the transport protocol, the Use RFC5424 Syslog Protocol and ISO 8601 Timestamp fields are automatically enabled.
  6. Click Add. The syslog server appears in the list within the Remote Syslog Servers section. To remove a server, select it from the list and click Action > Delete Selected.
  7. Click Update.