Summary

BoKS Manager 7.0 features a new syslog-compliant audit logging infrastructure. If required, you can relay logs from BoKS Manager to an external syslog server. This article describes how to do this.

Procedure


Log relaying has been tested with rsyslog and syslog-ng.

To configure relaying of audit logs to an external syslog server:

  • Configure the external syslog server to accept TCP logging according to RFC 5424 or RFC 5425 (for TLS support).
  • Set the BoKS ENV variable BLOGSD_RELAYTO_SYSLOG on the BoKS Master to on.
  • Set the BoKS ENV variable BLOGSD_SYSLOG_ADDR on the BoKS Master to the IP address of the external syslog server. Default value is 127.0.0.1.
  • Set the BoKS ENV variable BLOGSD_SYSLOG_PORT on the BoKS Master to the port number for communicating with the external syslog server. Default value is 6514.
  • Optionally, stop audit logs from being sent to the BoKS audit log by setting the BoKS ENV variable BLOGSD_LOGTO_AUDITLOG to off. Note, however, that log events defined as alarm logs are still processed according to the alarm log command set with bokslogadm -C (default >dev/console), even if this variable is set to off.

Note that when relaying is enabled, TLS encryption of the connection between BoKS and the external syslog server is enabled by default. Removing TLS encryption is not recommended. Only server-side authentication is supported, with BoKS acting as the syslog client.

For TLS to function, the syslog server must have a host certificate and at least one CA certificate, in .pem format and with no password protecting the private keys. The CA certificate(s) must be imported into the BoKS database so that BoKS can verify the external syslog server.
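
A receiving-side rsyslog configuration that matches the requirements above, added here as an example (it is not taken from the BoKS documentation). It listens for TLS syslog on the default port 6514 and authenticates only the server, because BoKS presents no client certificate. The file paths, the ruleset name and the output file are assumptions to adapt to your system.

```conf
# /etc/rsyslog.d/boks-relay.conf  (hypothetical file name)

# TLS material for the syslog server, all in PEM format.
# The private key must not be password protected, so protect it with
# file permissions instead (readable only by the rsyslog user).
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"            # assumed path
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/syslog-cert.pem" # assumed path
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/syslog-key.pem"   # assumed path
)

# TCP input with TLS required.
#   StreamDriver.Mode="1"        -> TLS-only, plain TCP is rejected
#   StreamDriver.AuthMode="anon" -> do not request a client certificate;
#                                   the server still presents its own
#                                   certificate, which BoKS verifies
#                                   against the imported CA certificate(s).
# An AuthMode of "x509/name" or "x509/certvalid" would require a client
# certificate, which the BoKS relay does not provide.
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="anon"
)

# Must match BLOGSD_SYSLOG_PORT on the BoKS Master (default 6514).
input(type="imtcp" port="6514" ruleset="boks_audit")

# Keep relayed BoKS audit events in their own file (assumed path).
ruleset(name="boks_audit") {
    action(type="omfile" file="/var/log/boks/audit.log")
}
```

Because the client is not authenticated in this mode, restrict access to port 6514 at the network layer (for example, a firewall rule that allows only the BoKS Master's address).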



Last Modified On: May 25, 2018