02-20-2018 03:59 AM
02-20-2018 05:23 AM
When you say, ‘redirect audit log "locally" to syslog’ I believe you are trying to copy all audit log messages to syslogs. If yes, you may do it from :
Grid -> Grid properties -> ‘Monitoring’ -> ‘Copy Audit Log Message to Syslog’.
Please let me know if this was tried already & if this did not meet your expectations. If not, please let me know what seems to be missing.
02-20-2018 06:05 AM
Yes I found this option at the Grid level properties, this means that if I set up it all the audit events related to any appliance will be written to the syslog because it is not possible to overwrite it at the member level.
Is it right?
This also mean that if I enable an external syslog server, all the audit events (for any member) will be sent to external syslog.
Is it right?
Thank you for your precious support !!
02-20-2018 07:57 AM
Yes, you’re right. As you may know, Audit logs would have all administrative activities & would not be member specific. When you enable the ‘Copy Audit Log Message to Syslog’ option, the audit logs would be sent to the syslogs of the Grid master & this in turn gets to your external syslog server depending upon the ‘Severity’ that you choose at Grid -> Grid properties -> Monitoring -> ‘External Syslog Servers’ properties(Per server) -> ‘Severity’.
Hope this helps!