Prerequisites

• Set up an external syslog server. You can use any of the standard syslog servers available.
• Ensure that Workspace ONE Access can reach the syslog server.
• If using TCP protocol, a trusted root certificate to upload is required.

Procedure to Configure a Syslog Server

1. Log in o the Workspace ONE Access console.
2. Select Dashboard > System Diagnostics Dashboard.
3. Click VA Configuration of the service node you want to configure and log in with the admin user password.
4. Select Configure Syslog.
5. Select Enable.
6. Select a network protocol

   UDP	Workspace ONE Access transfers logs to syslog servers using the UDP protocol.
   TCP	Workspace ONE Access transfers logs to syslog servers using the TLS protocol.
   TCP over TLS	Workspace ONE Access transfers logs to syslog servers using the TCP over TLS protocol.

7. If you select the TCP over TLS network protocol, click Choose File to navigate to the root certificate PEM file to import.
   Note: The certificate Common Name must match the syslog hostname or IP address provided while configuring syslog with TCP, otherwise the certificate validation might fail. The syslog server must be configured with a certificate to use the TCP over TLS option.
8. In the Syslog Servers section, add the syslog hostname or IP address with the port number. If you do not provide a port number, the system uses port 514.

   To add another syslog servers, click the + symbol.

9. Click Save.

Deactivate the Syslog Service

1. To deactivate the syslog service, on the VA Configuration > Configure Syslog page, select Disable.
2. Click Save.