Syslog on DNS/DHCP Server - BlueCat Integrity - 26.1.0

Address Manager Administration Guide
ft:locale
en-US
Product name
BlueCat Integrity
Version
26.1.0

BAM allows you to set syslog (system log) redirection from the BAM user interface by adding an IP address and configuring settings of syslog redirection servers.

When configuring syslog service, the content of the redirected syslog file might be more verbose than the content of the syslog file written locally on DNS/DHCP Server. DNS/DHCP Server filters the content that is written to the local syslog file.

To configure syslog service on a managed BDDS:

  1. Select the Servers tab in the sidebar, then select Servers.
  2. Select the name of a server.
  3. Select the Services tab.
  4. Under Monitoring and analytics, locate the Syslog service panel and select Edit service.
  5. Select the ISO 8601 timestamps enabled checkbox to use the ISO 8601 timestamp format for locally logged messages. The format is as follows: YYYY-MM-DDTHH:mm:ss+-ZONE. For example, 2022-10-13T15:58:00+01:00. If you leave this checkbox unchecked, locally logged messages use the legacy BSD timestamp.
  6. On the Syslog redirection servers tab, select Add a new redirection server and set the following parameters:
    • Server type—select Syslog as the server type.
    • Address—enter the IP address for a syslog server.
    • Port—enter the port used to connect to the syslog server.
    • Under Service types, select the services for which syslog messages are generated. You can select DHCP, DNS, or All other services.
    • Severity level—select the logging level that is sent to the syslog server. The logging level can be one of the following:
      • Informational—informational messages of system events.
      • Notice—indicates normal but significant conditions within the system.
      • Warning—indicates warning conditions within the system.
      • Error—indicates error conditions within the system.
      • Critical—indicates critical conditions within the system.
      • Alert—indicates that action must be taken immediately.
      • Emergency—indicates that the system is unusable.
    • Transport protocol—select the transport protocol used to connect to the syslog server. You can select TCP, UDP, or TLS.
      If you select TLS, the following additional fields appear:
      • Peer verify—select the verification method of the remote peer. You can select one of the following:
        • required-trusted—the connection is TLS-encrypted if the remote peer has a valid certificate.
        • required-untrusted—the connection is TLS-encrypted if the remote peer has an invalid certificate or valid certificate.
        • optional-trusted—the connection is TLS-encrypted if the remote peer has no certificate or a valid certificate.
        • optional-untrusted—the connection is TLS-encrypted if the remote peer has no certificate, an invalid certificate, or a valid certificate.
          Note: If you set the Peer verify method to optional-untrusted, the CA certificate is optional.
      • CA certificate upload—upload a valid CA certificate used to verify the server certificate during the TLS handshake. The CA certificate must be in .pem, .cer, .cert, or .crt format.
      • Client certificate(Optional) upload a valid client certificate to use for authentication. The client certificate must be in .pem, .cer, .cert, or .crt format.
      • Client private key(Optional) upload a valid client private key to use for authentication. The client private key must be in .pem or .key format and must not be password-protected.
        Attention: If you upload a Client certificate, you must also upload a Client private key.
      Note: If you select TLS as the transport protocol, the Syslog protocol field is automatically set to RFC 5424 and the ISO 8601 timestamps enabled checkbox is automatically enabled.
    • Syslog protocol—use the drop-down menu to select either the RFC5424 syslog protocol (https://datatracker.ietf.org/doc/rfc5424/) or the legacy BSD RFC3164 syslog protocol ( https://datatracker.ietf.org/doc/rfc3164/) for syslog messages.
    • ISO 8601 timestamps enabled—select this checkbox to use the ISO 8601 timestamp format for syslog messages redirected to a remote syslog server. The format is as follows: YYYY-MM-DDTHH:mm:ss+-ZONE. For example, 2022-10-13T15:58:00+01:00.
      Note:
      • If you select set the Syslog protocol to RFC5424, this option is automatically enabled.
      • If you leave this checkbox unchecked, syslog messages use the legacy BSD timestamp.
  7. (Optional) To add additional syslog servers, select Add a new redirection server (+) again.
  8. Select Save.