The Syslog server logs the events that occur on the Unified Access Gateway (UAG) appliance.

Configure the Syslog server settings by providing details such as Category, Protocol, Syslog URL, Syslog Client Certificate, and so on. You can configure multiple syslog servers with different protocols.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. Under Advanced Settings, click the gearbox icon next to Syslog Server Settings.
  3. In the Syslog Server Settings window, enter the following details.
    Option Description
    Add Syslog Entry Click Add Syslog Entry to add new syslog server details to the table.
    Category Select the syslog category from the drop-down menu.

    The options are:

    • All Events: All events including audit, edge services, admin, and so on are logged to the Syslog server.
    • Audit Events Only: Only audit events are logged to the Syslog server.
    Protocol

    Select the Syslog server type from the drop-down menu.

    The options are:
    • UDP: Syslog messages are sent over the network in plain text over UDP. It is mandatory to add the Syslog URL.
    • TCP: Syslog messages are streamed over TCP. It is mandatory to add the Syslog URL.

    • TLS: TLS encryption is added between two syslog servers to keep the messages secured. Enter the following details.

      • Host: Add the syslog server host name.
      • (Optional) Port: Add a new syslog server port. The default port number is 514.
      • CA Certificate: Select a valid syslog CA certificate if you have configured syslog servers.
      • TLS Syslog Client Certificate: Select a valid Syslog client certificate in the PEM format.
      • TLS Syslog Client Certificate Key: Select a valid Syslog client certificate key in the PEM format.
    • MQTT: Syslog messages are streamed over MQTT. Enter the following details.
      • URL: Add a new URL or host name or IP address.
      • Topic: Add a string that MQTT recipient uses to filter messages for each connected client.
      • MQTT Client Certificate: Select a valid MQTT CA certificate if you have configured syslog servers.
      • MQTT Client Certificate Key: Select a valid MQTT client certificate in the PEM format.
      • MQTT Server CA Certificate Key: Select a valid MQTT client certificate key in the PEM format.
    Syslog URL Enter the Syslog server URL that is used for logging Unified Access Gateway events. This value can be a URL or a host name or IP address or combination of host name and IP address with optional port number. The default port number is 514.

    Example URLs:

    • server1.example.com
    • 101.20.30.40
    • 1.2.3.4:515

    By default Content Gateway and Secure Email Gateway edge services events are logged. To log events on syslog server for Tunnel Gateway edge service configured on Unified Access Gateway, an administrator has to configure the Syslog on Workspaceone UEM console with the information.

    Syslog Hostname=localhost and Port=514

    Click Add to add the server details. The added details appear in a table on the Syslog Server Settings window but not saved to the back-end until you click Save.
    Syslog Include System Messages Turn on this toggle to enable system services such as haproxy, cron, ssh, kernel, and system to send system messages to the syslog server.

    By default, the toggle is turned off.

    Alternately, this feature can also be configured through the PowerShell deployment. For more information about the setting in the INI file, see Run PowerShell script to deploy.

  4. Click Save.

    If you want to change the added Sylsog servers' settings, click the gearbox icon corresponding to the servers listed in the table. A window appears with the server details. After making the changes, click OK to update the details and then click Save to save the details to the back-end.