Introduction
Welcome to the Fortanix Data Security Manager (DSM) system administration guide. This guide describes the system-level log management settings that a System Administrator configures.
The settings configured here apply to every object in the entire cluster.
Log Management
Fortanix DSM automatically maintains an internal audit log of system operations. You can configure Fortanix DSM to send these audit log entries to an external logging system. In this section, you will learn how to log invalid API requests and how to send Fortanix DSM audit logs to a Syslog server.
Log Invalid Parameters
Sometimes applications send invalid API requests that result in 4XX errors, such as a 400 (Bad Request) error. To help you debug an application against 4XX errors, Fortanix DSM can audit log such failed requests through the Log Management feature.
To enable this:
Go to the System Administration Settings page.
Click the Log Management tab from the left panel.
Enable the toggle for Logging invalid API requests.
Figure 1: Logging Invalid API Requests
Sending Audit Logs to Syslog
You can configure Fortanix DSM to send audit log entries to the Syslog server.
To configure logging events to Syslog, perform the following:
Click the SETTINGS icon in the Fortanix DSM UI.
Click the Log Management tab from the left panel.
In the Custom Log Management Integrations section of the Log Management page, click the EDIT CONFIGURATION button for Syslog.
Figure 2: Log Management Integration
To enable TLS, perform the following:
Select the Enable TLS check box.
Select Global Root CAs if you are using a certificate signed by a well-known public CA.
Select Custom CA Certificate if, as an enterprise, you sign the certificate with your own internal CA. To do this, upload the CA certificate using the UPLOAD A FILE button. When Fortanix DSM, acting as a client, connects to the Syslog server and is presented with the server's certificate, it validates that certificate using the enrolled custom CA certificate.
Enter the Host name or IP address of your Syslog server.
You can communicate with a Syslog server either over a non-secure connection or over a secure connection using TLS. Depending on the type of TLS certificate the Syslog server is using, choose the matching CA option (Global Root CAs or Custom CA Certificate) when you enable TLS.
The default Port number is 514, the port at which the server must listen for Syslog messages. If your server listens on a different port, change it to the applicable port number.
When you log an event to Syslog, you can choose which facility to log it under, which lets you filter your log for a specific facility. The facilities in the Facility list are the well-defined facilities of the Syslog protocol, for example User, Local0, Local1, and so on. You can, for instance, configure Fortanix DSM to use the Local0 facility, which helps you pick out the logs of a particular appliance by facility.