To configure a syslog channel object
The Syslog Channel object stores the information that the CyberArk Log server needs in order to send log messages to a syslog server.
IMPORTANT: Syslog channel drivers can't recognize changes you make to either the Allowed Outbound SSL/TLS Versions settings or the Certificate Versions settings. After any change to those settings, restart the CyberArk Log Server Windows service. For details, see Manually stopping and starting the log server service.
To configure a syslog channel
- In CyberArk Configuration Console, navigate to Tools > Logging > Channels.
- Right-click Channels, and then point to Add > Syslog.
Refer to the following table while configuring your syslog channel object:
Field
Description
Host
IP address or hostname of the syslog server where you want the CyberArk Log server to send log messages. The target host might look similar to one of the following examples:
- syslog_server.example.com
- 192.0.2.1
- fd9d:1645:7e28:f043:6920:b203:cbe3:54ef
Format
Specify the format you want to use for your syslog messages by selecting one of the following:
- BSD (Legacy)
  For more information, see About the BSD format.
- Common Event Format (CEF)
  For more information, see About the CEF format.
- JSON
  For more information, see About the JSON format.
Facility
Facility code for the syslog channel.
This option is available only if you use the BSD format.
A facility code is used to specify the type of program that is logging the message. Messages with different facilities may be handled differently.
By default, the Syslog channel uses facility 16, or Local0, which is the first unassigned facility value in the list.
For more information on syslog facility values, consult RFC 3164 (https://tools.ietf.org/html/rfc3164).
Protocol
Select either TCP or UDP (the default).
The User Datagram Protocol (UDP) has been the most common transport-layer protocol for network logging, with the server listening on port 514. Because UDP lacks congestion control mechanisms, TCP must be used where Transport Layer Security (TLS) is required.
Port
Specify the port of your syslog server.
By default, the Syslog channel uses UDP port 514. To change the port number, specify it here. For example, if you want to use UDP port 1022, select the UDP protocol and type 1022 in the Target Port field.
Use TLS
(Conditional) If you want to establish an encrypted TLS connection to a remote syslog server, you must select TCP as the protocol and set Enable TLS to Yes.
Certificate
(Optional) (Conditional) If you enabled TLS, you can select a certificate credential in cases where the remote syslog server requires authentication using a specific client certificate.
- When you're finished, click OK.
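To confirm on the receiving side that a BSD-format channel arrives with the facility set in the Facility field, the following added example (not CyberArk code) decodes the RFC 3164 `<PRI>` header, where PRI = facility * 8 + severity. The sample datagrams, the host and tag names in them, and the function names are constructed for illustration; `listen()` assumes plain UDP and a port you are allowed to bind.

```python
import re
import socket

# Severity keywords in RFC 3164 order (0 = emergency ... 7 = debug)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) from the <PRI> header of a BSD syslog message."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("no <PRI> header at start of message")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    return divmod(pri, 8)  # PRI = facility * 8 + severity

def check_message(datagram: bytes, expected_facility: int = 16):
    """Decode one message and report whether it carries the expected facility."""
    facility, severity = decode_pri(datagram)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return {"facility": facility, "facility_name": name,
            "severity": SEVERITIES[severity],
            "matches_channel": facility == expected_facility}

# Constructed sample datagrams (not captured from a real log server)
SAMPLES = [
    b"<134>Oct 11 22:14:15 host1 app: constructed test event",  # 16*8+6
    b"<38>Oct 11 22:14:16 host1 app: constructed test event",   # 4*8+6
]

def listen(port: int = 514, host: str = "0.0.0.0"):
    """Print the decoded header of each UDP datagram received (Ctrl+C to stop)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        while True:
            data, peer = s.recvfrom(8192)
            try:
                print(peer[0], check_message(data))
            except ValueError as exc:
                print(peer[0], "rejected:", exc)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_message(sample))
```

A message whose `matches_channel` is false would be routed by a facility-based rule on the syslog server differently from what the channel configuration intends.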