Log in to the CLI Manager on the ESA or the appliance.
Navigate to Tools > PLUG - Forward logs to Audit Store.
Enter the password for the root user and select OK.
Enter the IP addresses of all the nodes in the Audit Store cluster that have the Ingest role and select OK. Separate multiple IP addresses with commas.
To identify the nodes with the Ingest role, log in to the ESA Web UI and navigate to Audit Store > Cluster Management > Overview > Nodes.
Enter y to fetch certificates and select OK.
Specifying y fetches the td-agent certificates from the target node. These certificates can then be used to validate and connect to the target node. They are required to authenticate with Insight while forwarding logs to the target node. The passphrase for the certificates is stored in the /etc/ksa/certs directory.
Specify n if the certificates are already available on the system, fetching certificates is not required, or custom certificates are to be used.
Enter the credentials for the admin user of the destination machine and select OK.
The td-agent service is configured to send logs to Insight and the CLI menu appears.
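Because the certificate passphrase is kept in /etc/ksa/certs, it is worth confirming after this procedure that nothing in that directory is readable outside the owning account. The following check is an added example, not part of the product or its documentation; the function name audit_cert_dir, the expected owner root, and the "no group or other access" policy are assumptions to adjust to your own hardening baseline.

```shell
#!/bin/sh
# Added example: audit ownership and mode bits of the certificate directory.
# Default path comes from this page; the expected owner (root) and the rule
# "no group/other permission bits" are assumptions, not vendor requirements.
# Usage (as root on the appliance):  audit_cert_dir
#        or with overrides:          audit_cert_dir /path/to/certs someuser

audit_cert_dir() {
    dir="${1:-/etc/ksa/certs}"
    owner="${2:-root}"

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # Files or directories with any group/other permission bit set.
    # Spelled out bit by bit so it works with non-GNU find as well.
    loose=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 \
           -o -perm -010 -o -perm -020 -o -perm -040 \) -print)

    # Files or directories not owned by the expected account (name or UID).
    foreign=$(find "$dir" \( -type f -o -type d \) ! -user "$owner" -print)

    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE_MODE /'
    fi
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed 's/^/WRONG_OWNER /'
    fi

    # Exit status: 0 = clean, 1 = findings, 2 = directory missing.
    [ -z "$loose" ] && [ -z "$foreign" ]
}
```

An exit status of 1 with LOOSE_MODE or WRONG_OWNER lines means the passphrase or key material may be readable by accounts other than the expected owner.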