Session logs / Syslog forwarding to S3 bucket

Article ID: 196013

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

CA PAM can store only a limited number of records, so if we need all the data, we have options such as a syslog server or perhaps a Splunk server. Currently, we are using CA PAM in the AWS environment.

So can these logs be forwarded to an S3 bucket in AWS?

Currently, we use the CA PAM appliance, which runs a Linux OS. Configuring logrotate and a simple cron job to upload compressed logs to an S3 bucket would eliminate the need to provision an extra server for logging.

Is this possible from the CA PAM appliance?

Environment

Release: 3.2.x, 3.3.x, 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

This is a how-to query.

It has two aspects:
1. Is it possible to redirect syslogs to any Linux host on the same hosted platform (VM / AWS)?
2. Does CA PAM have the ability to send session logs and syslogs directly to an AWS S3 bucket?

Resolution

1. With CA PAM, syslogs can be forwarded to any syslog application host, as long as the syslog application accepts incoming traffic over the UDP port.

If the syslogs need to be sent to a Linux / UNIX host, refer to the documentation for that specific OS on how to set up the syslog service.

2. Currently, CA PAM does not have the ability to send session logs or syslogs directly to the S3 bucket. This would be a product enhancement request.
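
Because the appliance cannot write to S3 itself, the upload has to run on the syslog host from item 1. The script below is an added example, not part of the original article or the product: it ships rotated, compressed archives from that host to S3, and the directory, bucket, prefix and variable names are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: runs on the syslog relay host, never on the PAM appliance.
# Assumed names (not from the article): LOG_DIR, S3_BUCKET, S3_PREFIX, RELAY_HOST.
LOG_DIR="${LOG_DIR:-/var/log/pam}"            # where the relay's syslog service writes PAM logs
S3_BUCKET="${S3_BUCKET:-example-pam-logs}"    # placeholder bucket name
S3_PREFIX="${S3_PREFIX:-pam-syslog}"
RELAY_HOST="${RELAY_HOST:-$(uname -n)}"

# Destination key for one archive: <prefix>/<relay host>/<file name>
s3_key_for() {
    printf '%s/%s/%s\n' "$S3_PREFIX" "$RELAY_HOST" "$(basename "$1")"
}

# Upload one archive with server-side encryption; non-zero exit on failure.
upload_one() {
    aws s3 cp "$1" "s3://$S3_BUCKET/$(s3_key_for "$1")" --sse AES256 --only-show-errors
}

# Ship every intact rotated archive, then park it in shipped/ so it is not sent twice.
# Prints the number of archives shipped.
ship_rotated_logs() {
    shipped=0
    mkdir -p "$LOG_DIR/shipped"
    for f in "$LOG_DIR"/*.gz; do
        [ -f "$f" ] || continue                 # no archives: the glob stayed literal
        if gzip -t "$f" 2>/dev/null && upload_one "$f"; then
            mv "$f" "$LOG_DIR/shipped/"
            shipped=$((shipped + 1))
        else
            echo "not shipped: $f (truncated archive or failed upload)" >&2
        fi
    done
    echo "$shipped"
}

# Cron entry point: call the script with --run after logrotate has compressed the logs.
if [ "${1:-}" = "--run" ]; then
    ship_rotated_logs
fi
```

Grant the relay host's IAM role only `s3:PutObject` on that prefix, so the host can add log archives but cannot read or delete earlier ones.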