Setup Audit Log

Overview

This function sets up external servers (Syslog servers) for sending audit logs that are detected by the storage system.

Up to two Syslog servers can be registered.

Caution
  • Enable the "Audit Log" setting, and then configure the destination Syslog server. Audit logs are sent after the Syslog server is specified.

  • Confirm that the audit log has been successfully sent to the Syslog server by logging in and out from Web GUI or CLI and performing a transmission test to the Syslog server.

  • Even if a communication error occurs between the storage system and the Syslog server, the audit log is not sent again.

  • Changing the Syslog server setting is only available when the "Audit Log" setting is "Enable". Note that once "on" is selected for the "Send Audit Log" setting, the "Send Audit Log" setting cannot be changed to "off" for both of the Syslog servers (at least one Syslog server must be "on").

Note
  • The audit log function uses the destination server that has the same interface as the Syslog server. The same server as the Syslog server is also available.

  • The audit logs are sent to both Syslog servers at the same time.

  • Even if the "Audit Log" setting changed to "Disable", the audit log setting information in the storage system is maintained.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin  
SecurityAdmin
Maintainer  

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Up to two Syslog servers can be configured. Configure the following parameters for each Syslog server.

Syslog Server1, Syslog Server2

Item Description Setting values

Send Audit Log

Select from "on (RFC3164)", "on (RFC5424)", or "off" for the audit log sending.

Logs are sent in the selected RFC message format.

on (RFC3164)

on (RFC5424)

off (Default)

Domain Name/IP Address

Input the domain name or the IP address of the Syslog server.

There are two methods to specify an IP address; "IPv4" and "IPv6". "Link local address", "global address", "unique local address", or "6to4 address" can be input for the IPv6 address. Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation.

For domain name specification

Up to 63 alphanumeric characters and symbols

For IPv4 address

xxx.xxx.xxx.xxx

xxx: 1 - 255 for the top field (decimal)

xxx: 0 - 255 for other fields (decimal)

For IPv6 address

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters)

Refer to "IPv6 Address Notation" for details.

Port No.

Input the port number used to send an audit log.

Numeric characters

1 - 65535

514 (Default)

LAN Port

Select the LAN port from "MNT" or "RMT" that is to be used to send an audit log.

MNT (Default)

RMT

Operating Procedures

  1. Click [Setup Audit Log] in [Action].

  2. Specify the parameters, and click the [Set] button.

    → A confirmation screen appears.

    Note
    • Up to two Syslog servers can be configured. When configuring a second Syslog server, specify the required parameters in "Syslog Server2".

  3. Click the [OK] button.

    → Setting of the audit log starts.

    Caution
    • An error screen appears in the following conditions:
      • When the "Audit Log" setting is "Disable"

      • When the specified IP address of the Syslog server conflicts with the internal IP address of the storage system.

  4. Click the [Done] button to return to the [Audit Log] screen.