About secure remote logging
You can securely send logs to a remote server. You’ll need to add the remote log server’s certificate to your appliance.
Adding or replacing a log certificate
To import or replace a log certificate, under Log Certificate select the Replace tab.
Importing or Replacing a Log Certificate
These options are available for importing a log certificate:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you are adding or updating the certificate.
Under Certificate select from the following options:
Upload
Browses to the local file in PKCS-12, PEM, or DER formats.
Paste it here (PEM only)
Allows you to copy and then paste the contents of a PEM file.
Private Key
Selects the private key origin. You can choose from the following private key options:
• The Private Key is in a separate file (see below). You can either upload it or copy and paste it.
• This file includes the Certificate and Private Key.
• The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Upload (PEM or DER formats)
Browses to the local file in PEM or DER formats.
Paste it here (PEM only)
Pastes the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
To generate a CSR, under Log Certificate select the Generate CSR tab. These configuration options are available:
Common Name
Specifies the common name (hostname).
Organization Name
Specifies the organization name (for example, the company).
Organization Unit Name
Specifies the organization unit name (for example, the section or department).
Locality
Specifies the city.
State
Specifies the state. Do not abbreviate.
Country
Specifies the country (2-letter code only).
Email Address
Specifies the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.
Adding or removing a remote log server
Remote logging supports secured and unsecured connections to remote logging servers. Secured connections are established using TLS with Reliable Event Logging Protocol (RELP). A log server certificate must be installed before a secure remote logging server can be enabled. For secure remote logging, certificates and keys are moved to the appliance’s secure vault. Ensure that the vault is unlocked before adding certificates and keys. If it is not, they will not be stored in the vault.
The default port number for secure remote logging is 514.
Remote Log Servers
adds a new remote log server from the drop-down menu.
Server IP or Hostname
specifies the server IP address or hostname of the remote log server.
Port
Specifies the port. If you are upgrading from a release that did not include a port number option, you’ll need to remove the remote log server and then add it back, specifying a port. Default is 514.
Minimum Severity
Specifies the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
• Emergency indicates system is unusable.
• Alert indicates action must be taken immediately.
• Critical indicates conditions that affect the functionality of the SteelHead.
• Error indicates conditions that probably affect the functionality of the SteelHead.
• Warning indicates conditions that could affect the functionality of the SteelHead, such as authentication failures.
• Notice indicates normal but significant conditions, such as a configuration change. This is the default setting.
• Info indicates informational messages that provide general information about system operations.
Enable secure connection
Enables secure remote logging. A log server certificate must be installed before a secure remote logging server can be enabled.