Configure an external syslog server when using Adaptive Authentication on Cloud.
With the latest NS version (14.1-34.101), which our Adaptive Authentication instances currently use, we now support tunneling syslog traffic to an on-premises datacenter using Cloud Connectors.
This allows you to use private IPs for a syslog server located in your datacenter, in addition to the original support for public IPs for publicly accessible syslog servers.
To achieve this setup, follow the instructions below:
Using CLI:
Configuring audit log action
To configure syslog action in advanced policy infrastructure by using the CLI, at the command prompt, type the following commands to set the parameters and verify the configuration:
add audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> [-dateFormat ( MMDDYYYY | DDMMYYYY )] [-transport ( TCP | UDP )]
show audit syslogAction [<name>]
For example:
add audit syslogAction Test-Splunk-Svr 9.9.9.9 -logLevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL
show audit syslogAction Test-Splunk-Svr
Configuring audit log policy
To add a syslog audit policy by using the CLI, at the command prompt, type:
add audit syslogPolicy <name> TRUE <syslogAction>
show audit syslogPolicy [<name>]
For example:
add audit syslogPolicy Test_Splunk_Pol TRUE Test-Splunk-Svr
show audit syslogPolicy Test_Splunk_Pol
Binding audit log policy
To bind the syslog audit log policy in the advanced policy framework by using the CLI, at the command prompt, type:
bind audit syslogGlobal <policyName> [-globalBindType <globalBindType>]
For example:
bind audit syslogGlobal -policyName syslogsrvPol -priority 2 -globalBindType SYSTEM_GLOBAL
Using GUI:
Configuring audit log action (Server)
1. Navigate to Configuration > System > Auditing > Syslog.
2. Select the Servers tab.
3. Click Add.
4. In the Create Auditing Server page, populate the relevant fields, and click Create.
Configuring audit log policy
6. To add the policy, select the Policies tab, and click Add.
7. In the Create Auditing Syslog Policy page, populate the relevant fields, and click Create.
Binding audit log policy
8. Navigate to Configuration > System > Auditing > Syslog.
9. Select Advanced Policy Global Bindings from the drop-down list.
10. Select the policy name and click Select.
11. From the drop-down list, select the bind point as SYSTEM_GLOBAL and click Bind, and then click Done.
Adaptive authentication setup:
1- If the on-premises server is in a subnet already known to the Adaptive Authentication instances, you don't need to do anything except double-check that the subnet is connected to the correct resource location.
To check that, go to https://adaptive-authentication.cloud.com/ and access the UI for Adaptive Authentication:
Enter the subnet details and select the respective resource location.
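Once the policy is bound, a check on the syslog server side confirms that messages arrive through the tunnel and carry only the levels enabled in the syslog action. The script below is an added example, not part of the original article or Citrix tooling; it assumes the logLevel names map to the standard syslog severity numbers, and the sample lines are constructed.

```python
import re

# Standard syslog severity numbers 0-7 (RFC 5424); assumed to correspond to
# the logLevel names accepted by "add audit syslogAction".
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"]

# Levels enabled in the Test-Splunk-Svr example on this page (DEBUG is not).
CONFIGURED = set(SEVERITIES) - {"DEBUG"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(line):
    """Return (facility, severity_name) from a syslog line, or None if malformed."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    return pri >> 3, SEVERITIES[pri & 7]

def audit(lines, configured=CONFIGURED):
    """Return (counts per level, enabled levels not seen, per-line problems)."""
    counts, problems = {}, []
    for n, line in enumerate(lines, 1):
        parsed = parse_pri(line)
        if parsed is None:
            problems.append((n, "no valid <PRI> header"))
            continue
        sev = parsed[1]
        counts[sev] = counts.get(sev, 0) + 1
        if sev not in configured:
            problems.append((n, "level %s is not enabled in the action" % sev))
    missing = sorted(configured - set(counts), key=SEVERITIES.index)
    return counts, missing, problems

# Constructed sample capture; only the <PRI> prefix is relied on.
SAMPLE = [
    "<134> constructed message: login succeeded",     # local0.INFORMATIONAL
    "<131> constructed message: server unreachable",  # local0.ERROR
    "<135> constructed message: debug trace",         # local0.DEBUG
    "constructed line without a priority header",
]

if __name__ == "__main__":
    counts, missing, problems = audit(SAMPLE)
    print("seen:", counts, "| enabled but not seen:", missing)
    print("problems:", problems)
```

Feed it lines captured on the syslog server instead of SAMPLE; an empty capture after binding points at the subnet or resource location mapping rather than at the policy.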