Sending all VED Logs to a Syslog Server


Venafi Encryption Director, TrustAuthority, TrustForce


Occasionally organizations need to send some, or all logged events to a syslog server. This is usually done when the organization is using log correlation software or specialized software to trigger events and notifications to a monitoring group (such as a NOC or SOC). 

Here are some quick notes about how to configure a notification channel and notification rule within the Logging Tree to send ALL events to a syslog server. Of course, you can always customize the notification rules so that only specific events are sent.

First, add a new Syslog Channel to the Channels folder in the Logging Tree:




Next, create a new Notification under the Notification Rules folder within the Logging Tree. Here you will configure rules to include all events by specifying those that have an Event ID between 0 and 4294967295 (equivalent to the hexidecimal 0xFFFFFFFF). Finally, set the target channel by selecting the notification channel that was created in the step above, in this case "Syslog Channel".




After configuring a new Notification Rule, it may be necessary to restart the Venafi Log Server service to make the changes take effect.


Post is closed for comments.