VMware Identity Manager 3.3.5 allows you to configure syslog servers using either the TCP or UDP protocol, instead of allowing only UDP. If you choose to use TCP, you must perform a specific SSL certificate-related procedure. Therefore, after you upgrade to, or perform a fresh installation of, VMware Identity Manager 3.3.5, configure the syslog servers if necessary.
To save logging history externally, you can configure VMware Identity Manager to export application level events from the service to external syslog servers. Operating system events are not exported.
Use the VMware Identity Manager Console to Configure a Syslog Server
- Log in to the VMware Identity Manager appliance configuration page at https://identitymanagerURL:8443/cfg/login.
- Select Configure Syslog.
- Select Enable.
- Select a network protocol.
  - UDP: VMware Identity Manager transfers logs to syslog servers using the UDP protocol.
  - TCP: VMware Identity Manager transfers logs to syslog servers using the TLS protocol.
- Provide the syslog hostname or IP address with the port in the Syslog servers section. If you do not provide a port number, the system uses port 514 as the default.
- Click the + symbol to add syslog servers.
- Click the x symbol to remove a syslog server.
- Click Save.
Use the VMware Identity Manager Console to Disable the Syslog Service
If you choose to disable the syslog service, perform the following procedure.
On the Configure Syslog page, select Disable.
Manage the Certificate to Allow Syslog Servers To Use TCP
- Copy the root-ca certificate from the syslog server.
- Log in to the appliance as sshuser and change directories to /etc/ssl/.
- Paste the certificate into the /etc/ssl location.
- Rename the certificate to syslog.pem.
- On the certificate, give the horizon user read permissions.
- Run the following command:
  chmod 640 /etc/ssl/syslog.pem
- Run the following command:
  chown horizon:www /etc/ssl/syslog.pem
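A check for the result of the certificate procedure above, as an added example that is not part of the VMware documentation: the function check_syslog_ca (a hypothetical name) confirms that the file is PEM text, contains no private key, and has the mode and ownership that the chmod and chown steps set. It assumes GNU stat, as found on Linux.

```shell
#!/bin/sh
# Added example (not VMware code): verify the outcome of the syslog.pem steps.
# Usage: check_syslog_ca [FILE] [OWNER:GROUP]; returns 0 when all checks pass.
check_syslog_ca() {
    file=${1:-/etc/ssl/syslog.pem}   # path from the rename step
    want_owner=${2:-horizon:www}     # owner:group from the chown step
    want_mode=640                    # mode from the chmod step
    rc=0

    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist or is not a regular file"
        return 1
    fi

    # The file must be PEM text; a DER (binary) export has no BEGIN marker.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$file" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "FAIL: $file is not a complete PEM certificate"
        rc=1
    fi

    # Only the root CA certificate belongs here, never key material.
    if grep -q -e 'PRIVATE KEY-----' "$file"; then
        echo "FAIL: $file contains a private key"
        rc=1
    fi

    # Mode and ownership must match what the procedure sets.
    mode=$(stat -c '%a' "$file")
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: mode is $mode, expected $want_mode"
        rc=1
    fi
    owner=$(stat -c '%U:%G' "$file")
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is PEM, mode $want_mode, owned by $want_owner"
    fi
    return "$rc"
}
```

To inspect the certificate itself (subject and expiry), run openssl x509 -in /etc/ssl/syslog.pem -noout -subject -enddate on a host where OpenSSL is installed.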