ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Consolidating audit-trail logs to an external server
Article ID: 168027
Updated On:
Products
XOS
Issue/Introduction
Changing syslog,conf for audit-trail logsSometimes customers want to send audit-trail logs to an external server to consolidate logging in the network.
By default, all the CLI changes are logged in the /var/log/audit_trail.log file on the CPM. It is possible to see these changes by using the "show audit-trail" command.
By default, all the CLI changes are logged in the /var/log/audit_trail.log file on the CPM. It is possible to see these changes by using the "show audit-trail" command.
Cause
This article describes how to change the /etc/syslog.conf file on CPM in order to send all audit-trail logs to an external server.
Resolution
Procedure to process the audit_trail log into an external server
####
Audit logging is controlled by syslogd. Crossbeam uses a reserved facility (local6) to send audit-trail messages.
Instead of a local file, you can specify an external server to send audit logs. For example:
You must add the server IP address and hostname to the /etc/hosts file and then restart the syslogd process.
####
Audit logging is controlled by syslogd. Crossbeam uses a reserved facility (local6) to send audit-trail messages.
# tail -1 /etc/syslog.conf
local6.* /var/log/audit_trail.log
local6.* /var/log/audit_trail.log
Instead of a local file, you can specify an external server to send audit logs. For example:
local6.* @server.com
You must add the server IP address and hostname to the /etc/hosts file and then restart the syslogd process.
Workaround
N/AFeedback
Yes
No
Powered by
