Configuring remote log servers
You configure remote log servers under Administration > System Settings: Logging.
To import or replace a log certificate, under Log Certificate select the Replace tab.
These options are available for importing a log certificate:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you are adding or updating the certificate.
Under Certificate, select from the following options:
Upload
Browses to the local file in PKCS-12, PEM, or DER formats.
Paste it here (PEM only)
Allows you to copy and then paste the contents of a PEM file.
Private Key
Specifies the private key origin. You can choose from the following private key options:
• The Private Key is in a separate file (see below). You can either upload it or copy and paste it.
• This file includes the Certificate and Private Key.
• The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Upload (PEM or DER formats)
Browses to the local file in PEM or DER formats.
Paste it here (PEM only)
Pastes the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
To generate a CSR, under Log Certificate select the Generate CSR tab. These configuration options are available:
Common Name
Specifies the common name (hostname).
Organization Name
Specifies the organization name (for example, the company).
Organization Unit Name
Specifies the organization unit name (for example, the section or department).
Locality
Specifies the city.
State
Specifies the state. Do not abbreviate.
Country
Specifies the country (2-letter code only).
Email Address
Specifies the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.
Adding or removing a remote log server
Remote Log Servers
Adds a new remote log server from the drop-down menu.
Server IP or Hostname
Specifies the server IP address or hostname of the remote log server.
Minimum Severity
Specifies the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
• Emergency—The system is unusable.
• Alert—Action must be taken immediately.
• Critical—Conditions that affect the functionality of the SteelHead.
• Error—Conditions that probably affect the functionality of the SteelHead.
• Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
• Notice—Normal but significant conditions, such as a configuration change. This is the default setting.
• Info—Informational messages that provide general information about system operations.
Enable secure connection
Enables secure remote logging. A log certificate must be installed before a secure remote logging server can be enabled.