
Audit logs and syslog forwarding in realtime

10-06-2011 01:42 AM

Is there any way I can forward the audit log from NSM to our syslog server in realtime? I know you can use /xdbAuditLogConverter.sh, but that's not sufficient. I need the audit log in realtime.


Re: Audit logs and syslog forwarding in realtime

01-18-2020 12:03 PM

Did you ever find a solution for this? I am running into the same problem with NSM 2012.2R14.


Re: Audit logs and syslog forwarding in realtime

04-08-2020 03:47 AM

To send the audit logs to syslog, use the following syntax:

xdbAuditLogConverter.sh /var/netscreen/GuiSvr/xdb syslog x.x.x.x

x.x.x.x: IP address of the syslog server.


Realtime forwarding is not possible, I suppose. But you can refer to: https://kb.juniper.net/InfoCenter/index?page=content&id=KB12001&actp=METADATA

You can also use the 'guiSvrcli.sh' script to export the audit logs to CSV as well as to a syslog server, with the following filters:

--export_audit_log  This command exports audit logs to a CSV file | syslog server
    --filter        This parameter enables the filter option for the audit log
        --admin         filter on admin name
        --device        filter on device name
        --action-field  filter on type of action
        --domain        filter on login domain
        --time          filter on time
        --target        filter on target object

--action   This parameter specifies which action the system should execute for each matching log
--csv      This parameter directs the system to output logs using the comma-separated value format. The value must be a file name.
--syslogs  This parameter directs the system to send logs to a syslog server. The value must be encoded as [IP|FQDN].

Then you can try and test with the "--time" parameter. Normally it is used to specify a definite time and not real time.

This is not QA tested, hence I cannot comment.


Regards
-Animesh
If this worked for you, please flag my post as an "Accepted Solution" so others can benefit.
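Since the thread concludes that NSM only offers batch export, the practical workaround is to poll that export and forward only what is new. The script below is an added example, not code from the thread or from Juniper: it re-runs a CSV export of the audit log on a short interval, keeps a line-count offset in a state file, and sends only lines beyond that offset to the syslog server. The exact guiSvrcli.sh invocation (flags and CSV format) is not verified here and is left for the operator to set in EXPORT_CMD; the CSV and state file paths, the polling interval, and the use of util-linux logger(1) for delivery are likewise assumptions.

```shell
#!/bin/sh
# nsm_audit_forward.sh - near-real-time forwarding of the NSM audit log.
# Added example, not from the thread or from Juniper. It re-runs a batch export
# of the audit log to CSV every INTERVAL seconds and sends only the lines that
# were not sent on the previous run, so each record reaches the collector once.

CSV_FILE="${CSV_FILE:-/var/tmp/nsm_audit.csv}"         # assumed path written by the export
STATE_FILE="${STATE_FILE:-/var/tmp/nsm_audit.offset}"  # assumed path; holds the line count already sent
SYSLOG_HOST="${SYSLOG_HOST:-x.x.x.x}"                  # syslog server, as in the post
SYSLOG_PORT="${SYSLOG_PORT:-514}"
INTERVAL="${INTERVAL:-60}"
# EXPORT_CMD must (re)write $CSV_FILE. The post lists
#   guiSvrcli.sh --export_audit_log ... --csv <file>
# but the exact flags are NOT verified here, so the operator sets it, e.g.
#   EXPORT_CMD='/path/to/guiSvrcli.sh --export_audit_log --csv /var/tmp/nsm_audit.csv'

send_line() {
    # Deliver one audit record. Uses util-linux logger(1), which supports
    # --server/--port/--udp (assumption: that logger exists on the NSM host).
    # SEND_LINE_CMD may name a shell function instead, used for offline testing.
    if [ -n "${SEND_LINE_CMD:-}" ]; then
        "$SEND_LINE_CMD" "$1"
    else
        logger --server "$SYSLOG_HOST" --port "$SYSLOG_PORT" --udp \
               --tag nsm-audit -- "$1"
    fi
}

forward_new_lines() {
    # forward_new_lines CSV STATE: send the lines of CSV beyond the offset
    # recorded in STATE, then store the new offset. Prints the number sent.
    csv="$1"; state="$2"
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    total=$(wc -l < "$csv" | tr -d ' ')
    # Fewer lines than last time means the export was regenerated from a
    # shorter history (rotation/purge). Resend from the start rather than
    # silently dropping records; the collector should dedupe on the record's
    # own timestamp/admin/action fields.
    if [ "$total" -lt "$last" ]; then last=0; fi
    i=0; sent=0
    while IFS= read -r line; do
        i=$((i + 1))
        if [ "$i" -le "$last" ]; then continue; fi
        send_line "$line"
        sent=$((sent + 1))
    done < "$csv"
    printf '%s\n' "$total" > "$state"
    printf '%s\n' "$sent"
}

run_loop() {
    # Poll forever. Latency is INTERVAL plus export time: near real time,
    # not real time, which the thread says NSM itself cannot provide.
    if [ -z "${EXPORT_CMD:-}" ]; then
        echo "EXPORT_CMD is not set; see the comment at the top of this script" >&2
        return 1
    fi
    while :; do
        if eval "$EXPORT_CMD"; then
            n=$(forward_new_lines "$CSV_FILE" "$STATE_FILE")
            echo "$(date '+%F %T') forwarded $n new audit record(s)" >&2
        else
            echo "$(date '+%F %T') export failed, retrying in ${INTERVAL}s" >&2
        fi
        sleep "$INTERVAL"
    done
}

# Start polling only when invoked as 'sh nsm_audit_forward.sh run', so the
# functions can also be sourced for testing.
if [ "${1:-}" = "run" ]; then run_loop; fi
```

Delivery is at-least-once: a crash between sending and writing the state file, or a regenerated shorter export, resends records, so the collector side should key on the record's own fields rather than on arrival. Run it under a supervisor (cron with a lock file, or a service unit) rather than from an interactive shell, and keep INTERVAL short enough for your alerting window but long enough that consecutive exports do not overlap.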