Configure Syslog Settings
Note: Only the Enterprise Edition users with the required permission (Manage Syslog) can configure the Syslog settings. Signatures and signature authorizations can be set to confirm changes with an Auditor license.
When Syslog is enabled, all events recorded in the Event Log are pushed to the Syslog server.
To configure Syslog connections:
- Go to Administration > Syslog Settings.
- Check the Enable Syslog option.
You will now see the options to configure the Syslog connections.
- Specify the details as described below:
Server configuration
- Server address: Enter a server address.
- Protocol: Select a Syslog protocol to convey event notification messages.
Available options are:
- Port: Select a port using the arrow keys.
- Use TLS: Check this to use TLS to provide a secure connection for the transport of Syslog messages.
- Ignore invalid certificate: Check this to ignore any invalid certificates. Only available if the Use TLS option (above) is enabled.
- Send email if server is down: Check this to receive alerts when the server is down. You will be notified again when the server is up and running.
Note: Only available if the SMTP features are enabled.
Note: When the Syslog server is down, the events are queued up automatically. They will be processed again when the server comes up and no events will be lost.
Note: This option is not available when a UDP connection is used. Unlike TCP, there is no UDP “connection” and no universal way for a UDP service to respond to a UDP packet.
- Email address: Enter an email address to receive notifications from the Syslog server. Only available if the Send email if server is down option (above) is enabled.
Syslog configuration
- Application name: Enter an application name. By default, the application name is set to Data Reviewer. When you configure more than one reviewer server to send logs to the same Syslog server, you can use the Application name to filter the servers (for example, Data Reviewer 1, Data Reviewer 2 etc.).
- Serializer: Select a Syslog message format using the drop-down menu.
Available options are:
- Local
- RFC3164 (old format)
- RFC5424 (new format). By default, RFC5424 is selected.
- Framing type: Select a framing type using the drop-down menu.
Available options are:
- CR LF
- CR
- LF
- NUL
- OCTET_COUNTING
- Syslog facility: Select a Syslog facility to specify the type of system that is logging the message. Messages with different facilities may be handled differently. Available options are:
- Kernel: Kernel messages
- UUCP: UUCP subsystem
- User: User-level messages
- Cron: Cron subsystem
- Mail: Mail system
- FTP: FTP daemon
- Daemons: System daemons
- NTP: NTP subsystem
- Auth: Security / authentication messages
- LogAudit: Log audit - security
- Syslog: Messages generated internally by Syslog
- LogAlert: Log alert - console
- LPR: Line printer subsystem
- Local0 – Local3: Locally used facilities
- News: Network news subsystem
- Encoding: Select an encoding method using the drop-down menu.
Available options are:
- UTF8 (default)
- ASCII
- Click the Test button (at the top right) to send the selected configuration to the Syslog server. In this case, a test message will be sent to the server.
The configuration status displays a green tick if the configuration is valid.
- Click Save changes (when prompted).
Note: If a UDP server configuration is used, a message will be displayed at the bottom right corner stating "UDP is connectionless, please check your Syslog server to verify if configuration is valid".
Note: The Reviewer Syslog client does not support client verification using a client certificate.
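The following Python is an added example, not product code or part of the original documentation: it shows what the Serializer (RFC5424), Framing type, Syslog facility and Application name settings mean on the receiving side, by framing two constructed messages into one TCP stream and splitting it again. The sample messages, host names and space-free application names are assumptions made for the example.

```python
import re

# Facility codes per RFC 5424, limited to the facilities listed on this page.
FACILITY = {0: "Kernel", 1: "User", 2: "Mail", 3: "Daemons", 4: "Auth",
            5: "Syslog", 6: "LPR", 7: "News", 8: "UUCP", 9: "Cron", 11: "FTP",
            12: "NTP", 13: "LogAudit", 14: "LogAlert", 16: "Local0",
            17: "Local1", 18: "Local2", 19: "Local3"}
TRAILERS = {"CR LF": b"\r\n", "CR": b"\r", "LF": b"\n", "NUL": b"\x00"}
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID (RFC 5424 header)
HEADER = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")

# Constructed sample events. Host and application names are placeholders;
# APP-NAME has no spaces because RFC 5424 does not allow them in that field.
SAMPLES = [
    b"<110>1 2024-01-01T00:00:00Z host1 DataReviewer1 - - - user login",
    b"<110>1 2024-01-01T00:00:01Z host2 DataReviewer2 - - - note: a\nb",
]

def frame(msg: bytes, framing: str) -> bytes:
    """Frame one message as a sender would for the chosen framing type."""
    if framing == "OCTET_COUNTING":
        return str(len(msg)).encode() + b" " + msg  # RFC 6587: MSG-LEN SP MSG
    return msg + TRAILERS[framing]

def deframe(stream: bytes, framing: str) -> list:
    """Split a received TCP byte stream back into individual messages."""
    if framing != "OCTET_COUNTING":
        return [m for m in stream.split(TRAILERS[framing]) if m]
    out = []
    while stream:
        length, _, rest = stream.partition(b" ")
        if not length.isdigit() or len(rest) < int(length):
            raise ValueError("bad or truncated octet-counted frame")
        out.append(rest[:int(length)])
        stream = rest[int(length):]
    return out

def parse_header(msg: bytes) -> dict:
    """Return facility, severity and APP-NAME of an RFC 5424 message."""
    m = HEADER.match(msg)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": FACILITY.get(pri // 8, str(pri // 8)),
            "severity": pri % 8, "app_name": m.group(4).decode()}

def roundtrip(framing: str) -> list:
    """Frame all samples into one stream, then split it again."""
    return deframe(b"".join(frame(m, framing) for m in SAMPLES), framing)
```

With LF framing, the second sample (whose body contains a line feed) comes back as two fragments, and the second fragment no longer parses as RFC5424; with OCTET_COUNTING both messages are recovered intact.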