Fortanix Data Security Manager - Sysadmin Settings - Log Management

Introduction

Welcome to the Fortanix Data Security Manager (DSM) system administration guide. The purpose of this guide is to describe the system level log management settings that are configured by the System Administrator.

The settings configured here are applicable to every object of the entire cluster.

 

Log Management

Fortanix DSM automatically maintains an internal audit log of system operations. You can configure Fortanix DSM to send these audit log entries to an external logging system. In this section, you will learn how to log invalid API requests and how to send Fortanix DSM audit logs to the Syslog server.

Log Invalid Parameters

Sometimes applications may send invalid API requests that lead to 4XX errors, such as 400 (bad request) type error. To debug an application against 4XX errors, the Fortanix DSM enables audit logging for such errors using the Log Management feature.

To enable this:

  1. Go to System Administration Settings page.
  2. Click the Log Management tab from the left panel.
  3. Enable the toggle for Logging invalid API requests.LogManagement.png Figure 1: Logging Invalid API Requests

Sending Audit Logs to Syslog

You can configure Fortanix DSM to send audit log entries to the Syslog server.

To configure logging events to Syslog, perform the following:

  1. Click the SETTINGS icon in the Fortanix DSM UI.
  2. Click the Log Management tab from the left panel.
  3. In the Custom Log Management Integrations section of the Log Management page, click the EDIT CONFIGURATION button for Syslog.LogManagementIntegration.png Figure 2: Log Management Integration
  1. To enable the TLS, perform the following:
    1. Select the Enable TLS check box.
    2. Select Global Root CAs, if you are using a certificate that is signed by a well-known public CA.
    3. Select Custom CA Certificate, if you as an enterprise want to self-sign the certificate using your own internal CA. To do this, upload the CA certificate using the UPLOAD A FILE When Fortanix DSM as a client connects to the Syslog server and is presented with the server’s certificate, it will be able to validate it using the enrolled custom CA Certificate.
  2. Enter the Host name or IP address of your Syslog server.
  3. You can communicate with a Syslog server either over a non-secure connection or a secure connection using TLS. Depending on the type of TLS certificate that the Syslog server is using,
  4. The default Port number is 514 at which the server must listen for Syslog messages. If you are running on a different port, change to the applicable port number.
  5. When you log an event in Syslog, you can choose to log it in different facilities. This allows you to filter your log for a specific facility. The facilities appearing in the Facility list are well-defined facilities in the Syslog protocol. For example: User, Local0, Local1, and so on. You can configure the Fortanix DSM system to use Local0 facility for instance. This will help in filtering logs from a particular appliance using a facility.

 

Was this article helpful?
0 out of 0 found this helpful