Forwarding audit logs to Insight

Audit logs are the logs related to data security operations, such as protect, unprotect, and reprotect, together with the PEP server logs. Audit logs from an appliance, such as the DSG, are forwarded through the Log Forwarder service to Insight. Insight stores the logs in the Audit Store on the ESA.

The example provided here is for DSG. Refer to the specific protector documentation for the protector configuration.

  1. Log in to the CLI Manager on the appliance.

  2. Navigate to Tools > ESA Communication.

  3. Enter the password of the root user of the appliance and select OK.

  4. Select the Logforwarder configuration option, press Tab to select Set Location Now, and press Enter.

    The ESA Location screen appears.

  5. Select the ESA to connect with, then press Tab to select OK, and press Enter.

    The ESA selection screen appears.

    To enter the ESA details manually, select the Enter manually option. A prompt is displayed to enter the ESA IP address or hostname.

  6. Enter the ESA administrator username and password to establish communication between the ESA and the appliance. Press Tab to select OK and press Enter.

    The Enterprise Security Administrator - Admin Credentials screen appears.

  7. Enter the IP address or hostname for the ESA. Press Tab to select OK and press Enter. To specify multiple ESAs, enter the IP addresses separated by commas. To add an ESA to the list, specify the IP addresses of all the existing ESAs in the comma-separated list, and then specify the IP address of the additional ESA.

    The Forward Logs to Audit Screen screen appears.

  8. After the connection with the ESA is successfully established, the ESA Communication - Summary dialog box appears. Press Tab to select OK and press Enter.

  9. Repeat step 1 to step 8 on all the appliance nodes in the cluster.
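The step that enters the ESA IP addresses or hostnames requires the complete list every time, so it helps to build the value before typing it into the prompt. The following helper is an added example, not part of the product or its documentation; the function names and the sample addresses are assumptions, and it assumes the prompt accepts the list without spaces.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _valid_address(entry: str) -> bool:
    """Return True if entry is an IP address or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        pass
    # An all-numeric dotted string that failed IP parsing is a mistyped IP,
    # not a hostname, so reject it instead of forwarding logs nowhere.
    if re.fullmatch(r"[0-9.]+", entry):
        return False
    return len(entry) <= 253 and all(_LABEL.match(p) for p in entry.split("."))


def build_esa_list(existing: str, additional: str) -> str:
    """Return the value to enter: every existing ESA first, then the new ones."""
    merged = []
    for raw in (existing + "," + additional).split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate stray commas and spaces
        if not _valid_address(entry):
            raise ValueError(f"not an IP address or hostname: {entry!r}")
        if entry.lower() not in (m.lower() for m in merged):
            merged.append(entry)  # keep order, drop duplicates
    return ",".join(merged)


if __name__ == "__main__":
    # Constructed sample values (documentation address range), not from the page.
    current = "192.0.2.10, 192.0.2.11"
    print(build_esa_list(current, "esa3.example.com"))
```

Use the same resulting list on every appliance node in the cluster so that all nodes forward to the same set of ESAs.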

Last modified February 7, 2025