External Syslog Host
The Next Generation Hardware Appliance can send all system logs to an external syslog host. To do so, configure this host on the Services page. All system logs are then sent in accordance with RFC 5424.
Follow these steps to add an External Syslog Host.
Log in to your Next Generation Hardware Appliance.
Open the Services page.
In the section External Syslog Hosts, click Add Host to open the corresponding form.
Add Host with TCP Protocol
Specify the Syslog Host:
Enter the host's IPv4/IPv6 address.
Alternatively, enter the hostname of the syslog service.
Specify the Port for the desired syslog service.
Port is a number between 1 and 65535.
Specify the Protocol (here TCP).
Select the Authentication Mode for TLS.
The drop-down menu offers several Authentication Modes, each tied to specific requirements.
Connection Security
No TLS
Normal TCP connection (not encrypted).
Server Certificate
TLS connection; the certificate of the remote syslog host is verified against the uploaded Server Certificate.
The uploaded Server Certificate can also be the certificate of the CA that signed the remote host's certificate.
Upload the Server Certificate for the connection.
Click Select File and upload the certificate.
The file is now selected. To change it, click on Select Other File.
Server Certificate with Fingerprint (SHA-1)
Same as Server Certificate (the received certificate must be valid), and in addition its fingerprint must match the given Authentication Value.
Upload the Server Certificate and enter its SHA-1 fingerprint as the Authentication Value.
Server Certificate with Fingerprint (SHA-256)
Same as Server Certificate (the received certificate must be valid), and in addition its fingerprint must match the given Authentication Value.
Upload the Server Certificate and enter its SHA-256 fingerprint as the Authentication Value.
Server Certificate with Common Name
Same as the fingerprint modes above, but instead of a fingerprint, the Common Name of the certificate is compared with the given Authentication Value.
Upload the Server Certificate and enter its Common Name as the Authentication Value.
Mutual Authentication
Select the Mutual Authentication for TLS.
The drop-down menu offers several Mutual Authentication options, each tied to specific requirements.
No Client Authentication
Establish a connection without client authentication.
Use Client Certificate (PEM)
Upload the Client Certificate and the associated Client Private Key that the Software Appliance should use to establish a TLS connection.
Use Client Certificate (P12)
Upload the Client Certificate and the associated private key in the form of a PKCS #12 archive file.
Also specify the Password to open the PKCS #12 file in the Client Credentials Password field.
Use Client Certificate (Generated)
The Client Certificate and the associated private key are generated (self-signed) by the Next Generation Hardware Appliance.
The generated Client Certificate can be downloaded in the Syslog table after you add a host. You have the option to specify a Common Name to be configured for this generated certificate.
If no Common Name is specified, the hostname of the Next Generation Hardware Appliance will be used.
Test Connection
It is possible to test whether the Next Generation Hardware Appliance can connect to the Syslog Host with the specified settings.
Click Test Connection.
Click Add Host to confirm your entries and add the host.
The External Syslog Host is now listed.
In the Actions column, you can Edit or Remove the host if necessary.
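To illustrate what the two fingerprint modes compare, the following added example (not the appliance's own code) derives the SHA-1 and SHA-256 fingerprints from a PEM certificate and checks a presented certificate against a configured Authentication Value. The function names and the placeholder certificate bytes are assumptions made for the illustration; the exact format the appliance expects for the value is not stated on this page.

```python
import base64
import hashlib
import hmac
import re

HEX_LEN = {"sha1": 40, "sha256": 64}  # hex digits per fingerprint mode

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Digest of the DER encoding as colon-separated upper-case hex."""
    if algo not in HEX_LEN:
        raise ValueError("unsupported algorithm: " + algo)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pin_matches(der: bytes, authentication_value: str, algo: str = "sha256") -> bool:
    """Compare a presented certificate with a configured fingerprint."""
    # Accept "AB:CD", "ab cd" and "abcd" spellings of the same value.
    expected = re.sub(r"[\s:]", "", authentication_value).lower()
    if len(expected) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", expected):
        return False  # wrong digest type or not hex: reject before comparing
    actual = hashlib.new(algo, der).hexdigest()
    return hmac.compare_digest(actual, expected)

# Constructed placeholder bytes standing in for a real DER certificate;
# the digest is computed over these bytes exactly as it would be for a real one.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    for algo in ("sha1", "sha256"):
        print(algo, fingerprint(der, algo))
    print("pin ok:", pin_matches(der, fingerprint(der)))
```

The digest covers the DER encoding, so re-wrapping the lines of the PEM file leaves the fingerprint unchanged.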
Add Host with UDP Protocol
Specify the Syslog Host:
Enter the host's IPv4/IPv6 address.
Alternatively, enter the hostname of the syslog service.
Specify the Port for the desired syslog service.
Port is a number between 1 and 65535.
Specify the Protocol (here UDP).
If the UDP Protocol is selected, TLS Authentication Mode is not available.
It is possible to test whether the Next Generation Hardware Appliance can connect to the Syslog Host with the specified settings.
Click Test Connection.
Click Add Host to confirm your entries and add the host.
The External Syslog Host is now listed.
In the Actions column, you can Edit or Remove the host if necessary.