jitendrac
Beginner

Stealthwatch audit log forwarding

What is the difference between the audit log destination on the SMC appliance admin page and adding a syslog server using the desktop client? We can see that, using the appliance administration interface, syslog forwarding is compulsory over TLS. We need to add the Syslog SSL/TLS certificate to the appliance Trust Store before configuring the Audit Log Destination.

Whereas in the Desktop Client we can create an action and add a plain text syslog server.

Is there any difference in the audit logs that are sent from the SMC Appliance Admin Interface and using the SMC Desktop Client?

Aref Alsouqi
Rising star

I think the difference is that from the Desktop Client you can only configure the external Syslog servers for the normal Syslog logs, not the audit logs. However, if you want to enable the audit logs which are related to the to be sent to an external Syslog server then you have to enable a Syslog over TLS destination server.