Configuring log forwarding on Service Nodes - Adaptive Applications - BlueCat Gateway - 22.1

BlueCat Distributed DDNS Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
22.1
Log forwarding leverages the syslog-ng capabilities on the BDDS to forward service logs to a remote ArcSight server. By default, log messages of all services running on the Distributed DDNS Service Node are forwarded.
Note: Logs are sent remotely using UDP on port 514.
Prerequisites
  • The BDDS must be able to communicate with the ArcSight logging server. Ensure that the firewall rules allow for the communication with the ArcSight server and that the BDDS can route traffic to the server.
  • The ArcSight logging server must be configured to receive messages from the BDDS.
To configure log forwarding on Service Nodes:
  1. Log in to the console of the BDDS with the Service Node configured as the root user.
  2. Create a new directory for syslog-ng using the following command:
    mkdir /etc/syslog-ng/scl/distributed_ddns/
  3. Click here to download the ddns.conf configuration file and place the file within the newly created directory.
  4. Log in to the Address Manager UI that controls the BDDS.
  5. Select the Servers tab.
  6. Under Servers, click the name of the BDDS with the Service Node deployed that contains the configuration file and newly created directory. The Details tab for the server opens.
  7. Click the server name menu and select Service Configuration.
  8. From the Service Type drop-down menu, select Syslog.
  9. Under SIEM Settings, set the following parameters:
    • Enable ArcSight Forwarding: select the check box and enter the IP address of the ArcSight server.
  10. Click Update.

For more information on the format of the log messages sent to the remote server, refer to Reference: CEF message format.