Configure Audit Message Handling

Use the configure-audit-syslog command of the cell management tool to configure the way the system logs audit messages.

Services in each VMware Cloud Director cell log audit messages to the VMware Cloud Director database, where they are preserved for 90 days. To preserve audit messages longer, you can configure VMware Cloud Director services to send audit messages to the Linux syslog utility in addition to the VMware Cloud Director database.

The system configuration script allows you to specify how audit messages are handled. See "Configure Network and Database Connections" in the VMware Cloud Director Installation, Configuration, and Upgrade Guide. The logging options you specify during system configuration are preserved in two files: global.properties and responses.properties. You can change the audit message logging configuration in both files with a cell management tool command line of the following form:

cell-management-toolconfigure-audit-syslog options

Any changes you make with this cell management tool subcommand are preserved in the cell's global.properties and responses.properties files. Changes do not take effect until you re-start the cell.

Table 1. Cell Management Tool Options and Arguments, configure-audit-syslog Subcommand
Option	Argument	Description
--help (-h)	None	Provides a summary of available commands in this category.
--disable (-d)	None	Deactivate logging of audit e vents to syslog. Log audit events only to the VMware Cloud Director database. This option unsets the values of the`audit.syslog.host` and `audit.syslog.port` properties in global.properties and responses.properties.
--syslog-host (-loghost)	IP address or fully-qualified domain name of the syslog server host	This option sets the value of the `audit.syslog.host` property to the specified address or fully-qualified domain name.
--syslog-port (-logport)	integer in the range 0-65535	This option sets the value of the `audit.syslog.port` property to the specified integer.

When you specify a value for --syslog-host, --syslog-port, or both, the command validates that the specified value has the correct form but does not test the combination of host and port for network accessibility or the presence of a running syslog service.

Change the Syslog Server Host Name

Important:

Changes you make using this command are written to the global configuration file and the response file. Before you use this command, be sure that the response fine is in place (in /opt/vmware/vcloud-director/etc/responses.properties) and writeable. See "Protecting and Reusing the Response File" in the VMware Cloud Director Installation, Configuration, and Upgrade Guide.

To change the host to which syslog messages are sent, use a command like this one:

[root@cell1 /opt/vmware/vcloud-director/bin]# cell-management-tool configure-audit-syslog -loghost syslog.example.com 
Using default port 514

This example assumes that the new host listens for syslog messages on the default port.

The command updates global.properties and responses.properties, but the changes do not take effect until you re-start the cell.