Solved: stealthwatch audit log forwarding

jitendrac · ‎02-01-2022

What is the difference between audit log destination on SMC appliance admin page and by adding syslog server using desktop client because we can see that using appliance administration interface syslog forwarding is compulsory over TLS. We need to add Syslog SSL/TLS certificate on appliance Trust Store before configuring the Audit Log Destination.

Where as in Desktop Client we can create an action and add plain text syslog server

Is there any difference in audit logs that are being sent from SMC Appliance Admin Interface and Using SMC Desktop Client ?

Aref Alsouqi · ‎02-01-2022

I think the difference is that from the Desktop Client you can only configure the external Syslog servers for the normal Syslog logs, not the audit logs. However, if you want to enable the audit logs which are related to the to be sent to an external Syslog server then you have to enable a Syslog over TLS destination server.

View solution in original post

Aref Alsouqi · ‎02-01-2022

I think the difference is that from the Desktop Client you can only configure the external Syslog servers for the normal Syslog logs, not the audit logs. However, if you want to enable the audit logs which are related to the to be sent to an external Syslog server then you have to enable a Syslog over TLS destination server.