Audit Log Output to a Centralized Logging Solution
Keyfactor Command audit logging supports collecting audit entries in real time, as they are generated, to a separate server for analysis by a centralized logging solution. A variety of solutions can be supported. Typically the logs are either delivered to an rsyslog daemon (rsyslog is an open-source utility used on UNIX and Unix-like systems for forwarding log messages in an IP network) on a Linux server, where they are consolidated with other logs and delivered on to a centralized solution, or delivered straight into the receiving pipeline of a centralized solution using a tool such as Splunk or Logstash. Delivery of the logs over a TLS (Transport Layer Security) connection is supported for backend solutions that support this option. Configuration of a centralized logging solution for delivery of the audit logs to a backend solution is beyond the scope of this guide. However, a sample rsyslog.conf file showing typical TLS configuration can be found in Prepare for External Log Shipping over TLS (Optional) in the Keyfactor Command Server Installation Guide.
The log output settings can be configured initially during installation and updated later on the auditing tab of the application settings page. The application settings that relate to log output are:
- Host Name
  Set this to the fully qualified domain name (e.g. servername.keyexample.com) of the server that will be receiving the logs.
- Port
  Set this to the TCP port on which your log receipt application is listening to receive the logs. The default value is 514 (the default rsyslog port).
- Use SysLog Server
  This option defaults to False. Set it to True to enable delivery of logs to an outside server.
- Use TLS Connection
  This option defaults to False. Set it to True to enable delivery of logs to an outside server over TLS.
When you click Save, Keyfactor Command will verify that a connection can be made to the specified server on the specified port.
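A pre-flight check an administrator could run before clicking Save, as an added example that is not Keyfactor code and not the product's own verification: it tests that the receiver accepts a TCP connection on the configured port and, when Use TLS Connection will be True, that it completes a TLS handshake with a certificate valid for the configured host name. The function name, the result fields, the timeout and the use of the system trust store (or an optional CA file) are assumptions of this example.

```python
import socket
import ssl


def check_log_receiver(host_name, port=514, use_tls=False, timeout=5.0, ca_file=None):
    """Probe the log receiver described by the Host Name, Port and
    Use TLS Connection settings. Everything else is this example's assumption."""
    result = {"tcp": False, "tls": None, "protocol": None, "error": None}
    try:
        sock = socket.create_connection((host_name, port), timeout=timeout)
    except OSError as exc:
        # DNS failure, refused connection, filtered port or timeout
        result["error"] = f"TCP connect failed: {exc}"
        return result
    result["tcp"] = True
    if not use_tls:
        sock.close()
        return result
    # The default context verifies the certificate chain and checks that the
    # certificate matches host_name, which is why an FQDN belongs in Host Name.
    context = ssl.create_default_context(cafile=ca_file)
    try:
        with context.wrap_socket(sock, server_hostname=host_name) as tls_sock:
            result["tls"] = True
            result["protocol"] = tls_sock.version()  # e.g. "TLSv1.3"
    except (ssl.SSLError, OSError) as exc:
        # Plain-TCP listener, untrusted issuer, name mismatch or expired cert
        result["tls"] = False
        result["error"] = f"TLS handshake failed: {exc}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    # Constructed demo: a throwaway local listener stands in for the receiver.
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)
        demo_port = listener.getsockname()[1]
        print(check_log_receiver("127.0.0.1", demo_port))
        # A plain-TCP listener cannot answer the handshake, so tls is False.
        print(check_log_receiver("127.0.0.1", demo_port, use_tls=True, timeout=1.0))
```

A result with tcp True but tls False means the port is open but is not a usable TLS endpoint for that host name, so enabling Use TLS Connection against it would not give an authenticated, encrypted channel.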