Setup Audit Log
Overview
This function sets up external servers (Syslog servers) for sending audit logs that are detected by the storage system.
Up to two Syslog servers can be registered.
Enable the "Audit Log" setting, and then configure the destination Syslog server. Audit logs are sent after the Syslog server is specified.
Confirm that the audit log has been successfully sent to the Syslog server by logging in and out from Web GUI or CLI and performing a transmission test to the Syslog server.
Even if a communication error occurs between the storage system and the Syslog server, the audit log is not sent again.
Changing the Syslog server setting is only available when the "Audit Log" setting is "Enable". Note that once "on" is selected for the "Send Audit Log" setting, the "Send Audit Log" setting cannot be changed to "off" for both of the Syslog servers (at least one Syslog server must be "on").
The audit log function uses the destination server that has the same interface as the Syslog server. The same server as the Syslog server is also available.
The audit logs are sent to both Syslog servers at the same time.
Even if the "Audit Log" setting changed to "Disable", the audit log setting information in the storage system is maintained.
User Privileges
Availability of Executions in the Default Role
| Default role | Availability of executions |
|---|---|
| Monitor | |
| Admin | |
| StorageAdmin | |
| AccountAdmin | |
| SecurityAdmin | |
| Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Up to two Syslog servers can be configured. Configure the following parameters for each Syslog server.
Syslog Server1, Syslog Server2
| Item | Description | Setting values |
|---|---|---|
Send Audit Log |
Select from "on (RFC3164)", "on (RFC5424)", or "off" for the audit log sending. Logs are sent in the selected RFC message format. |
on (RFC3164) on (RFC5424) off (Default) |
Domain Name/IP Address |
Input the domain name or the IP address of the Syslog server. There are two methods to specify an IP address; "IPv4" and "IPv6". "Link local address", "global address", "unique local address", or "6to4 address" can be input for the IPv6 address. Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation. |
For domain name specification Up to 63 alphanumeric characters and symbols For IPv4 address xxx.xxx.xxx.xxx xxx: 1 - 255 for the top field (decimal) xxx: 0 - 255 for other fields (decimal) For IPv6 address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters) Refer to "IPv6 Address Notation" for details. |
Port No. |
Input the port number used to send an audit log. |
Numeric characters 1 - 65535 514 (Default) |
LAN Port |
Select the LAN port from "MNT" or "RMT" that is to be used to send an audit log. |
MNT (Default) RMT |
Operating Procedures
Click [Setup Audit Log] in [Action].
Specify the parameters, and click the [Set] button.
→ A confirmation screen appears.
NoteUp to two Syslog servers can be configured. When configuring a second Syslog server, specify the required parameters in "Syslog Server2".
Click the [OK] button.
→ Setting of the audit log starts.
Caution- An error screen appears in the following conditions:
When the "Audit Log" setting is "Disable"
When the specified IP address of the Syslog server conflicts with the internal IP address of the storage system.
- An error screen appears in the following conditions:
Click the [Done] button to return to the [Audit Log] screen.