Use the Syslog Settings screen to configure Apex Central to forward supported logs to a syslog server.
For more information, see the following topics:
-
If you migrated to Apex Central from a previous Control Manager installation, Apex Central automatically imports your previous syslog forwarding settings configured using the LogForwarder tool (<Control Manager installation directory>\LogForwarder.exe).
-
After migrating to Apex Central, you will no longer be able to execute the LogForwarder tool.
-
Go to Administration > Settings > Syslog Settings.
The Syslog Settings screen appears.
- Select the Enable syslog forwarding check box.
-
Configure the following settings for the server that
receives the forwarded syslogs:
-
Server address: Syslog server IP address or host name
-
Port: Syslog server port number
-
Protocol: Select the transmission protocol
Note:If SSL/TLS is selected, Apex Central accepts valid self-signed certificates by default.
-
If the server certificate contains a Subject Alternative Name, the Subject Alternative Name must contain the server FQDN or IP address.
-
For additional security, use a valid server certificate or upload the server certificate to Apex Central.
-
-
-
(Optional) To upload a server certificate:
Important:
-
Apex Central only supports server certificates in X.509 format with .DER or .PEM encoding.
For more information, see https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them.
-
Apex Central only supports uploading server certificates for SSL/TLS transmissions.
- Select the Use server certificate check box.
- Click Select to select the server certificate from your computer.
-
Click Open.
Apex Central uploads the selected server certificate.
-
-
(Optional) To use a proxy server for syslog forwarding, select the
Use a SOCKS proxy server check box.
Important:
-
Apex Central only supports syslog forwarding over a SOCKS protocol proxy server for SSL/TLS or TCP transmissions.
-
Syslog forwarding does not support HTTP proxy servers. To use a proxy server for syslog forwarding, click Configure proxy settings and select a SOCKS protocol server on the Proxy Settings screen.
For more information, see Configuring Proxy Settings for Component/License Updates, Cloud Services, and Syslog Forwarding.
Apex Central uses the proxy server configured on the Proxy Settings screen (Administration > Settings > Proxy Settings) for syslog forwarding.
-
-
Select the log format:
-
CEF: Uses the standard Common Event Format (CEF) for log messages
-
Apex Central format: Sets the syslog Facility code to "Local0" and the Severity code to "Notice"
For more information, see Supported Log Types and Formats.
-
- Configure the frequency for when Apex Central forwards the logs.
-
Select the log type(s) to forward:
-
Select a log category from the Log
type drop-down list:
Note:
You can select log types from multiple log categories.
-
Security logs
-
Product information
-
-
Select the check box(es) for the log(s) you want
to forward.
Apex Central displays the total number of selected log types next to the Log type drop-down list.
- (Optional) Select another log category from Log type drop-down list to select additional logs types to forward.
-
Select a log category from the Log
type drop-down list:
-
(Optional) Click Test Connection to
test the server connection.
Note:
Testing the connection does not save the syslog server settings.
The syslog server connection status appears at the top of the screen.
-
Click Save.
-
Apex Central starts forwarding logs to the configured syslog server.
-
To monitor the log forwarding status, go to Administration > Command Tracking and select Forward Syslog from the Command drop-down list.
For more information, see Querying and Viewing Commands.
-