Forward logs to Audit Store

Configure logs to reach the Audit Store

After installing or upgrading to the DSG 3.3.0.0, you must configure the DSG to forward the DSG logs to the Audit Store on the ESA using the steps provided in this section.

Ensure that you have configured the Audit Store component on the ESA. Configuring this component allows Audit Store to retrieve the DSG appliance and audit logs.

For more information about Audit Store, refer to the section Understanding the Audit Store in the Protegrity Log Forwarding Guide 10.0.0.

Forwarding appliance logs to the Audit Store

The appliance logs (syslog), transaction metrics, error metrics, and usage metrics are forwarded through the td-agent service to the Audit Store on the ESA.

To forward appliance logs to the Audit Store:

  1. Log in to the DSG CLI Manager.

  2. Navigate to Tools > PLUG - Forward logs to Audit Store.

  3. Enter the password of the DSG root user and select OK.

  4. Enter the username and password of the DSG administrator user and select OK.

  5. Select OK.

  6. Enter the IP address for the ESA and select OK. You can specify multiple IP addresses separated by commas.

  7. Enter y to fetch certificates and select OK.

    These certificates are used to validate and connect to the target node. They are required to authenticate with the Audit Store while forwarding logs to the target node.

    If the certificates already exist on the system, then specify n in this screen.

  8. Enter the username and password of the ESA administrator user and select OK.

    The td-agent service is configured to send logs to the Audit Store and the CLI menu appears.

  9. Repeat step 1 to step 8 on all the DSG nodes in the cluster.

Forwarding audit logs to the Audit Store

The audit logs are the logs for data security operations, namely protect, unprotect, and reprotect, together with the PEP server logs. The audit logs are forwarded through the Log Forwarder service to the Audit Store on the ESA.

To forward audit logs to the Audit Store:

  1. Log in to the DSG CLI Manager.

  2. Navigate to Tools > ESA Communication.

  3. Enter the password of the DSG root user and select OK.

  4. Select the Logforwarder configuration option. Press Tab to select Set Location Now and press Enter.

    The ESA Location screen appears.

  5. Select the ESA that you want to connect with, and then press Tab to select OK and press Enter.

    The ESA selection screen appears.

    ESA selection screen

    Note: If you want to enter the ESA details manually, then select the Enter manually option. You will be asked to enter the ESA IP address or hostname when this option is selected.

  6. Enter the ESA administrator username and password to establish communication between the ESA and the DSG. Press Tab to select OK and press Enter.

    The Enterprise Security Administrator - Admin Credentials screen appears.

    Enterprise Security Administrator - Admin Credentials screen

  7. Enter the IP address or hostname for the ESA. Press Tab to select OK and press Enter. You can specify multiple IP addresses separated by commas.

    The Forward Logs to Audit Screen screen appears.

  8. After the connection with the ESA is established successfully, the following Summary dialog box appears. Press Tab to select OK and press Enter.

    ESA Communication - Summary screen

  9. Repeat step 1 to step 8 on all the DSG nodes in the cluster.