User activity log forwarding to syslog servers

Description

You enable the forwarding of NSP user activity logs to a remote syslog server by specifying the syslog server parameters in the nsp—modules—logging—forwarding—activityLogs—syslog section of the NSP configuration file.

Note: A syslog server address can be an IPv4 or IPv6 address, or a hostname or FQDN that the local NSP cluster and the NFM-P can resolve.

In order to secure the forwarding of logs to a syslog server, you must generate a TLS certificate on the syslog server, and transfer the certificate to the caCertPath location that you specify in the activityLogs section of the NSP configuration file. During initialization, the NSP imports the certificate to the local TLS truststore.

NFM-P

To enable NFM-P user activity log forwarding, you must configure the remote-syslog parameters using samconfig on each NFM-P main server. In the section, you specify the server address and port, and the local path to the syslog TLS certificate, if the transfer is to be secure.

See “What is user activity log forwarding?” in the NSP System Administrator Guide for information about the NSP user activity syslog record format.

NFM-P fault tolerance

Only the standalone or primary NFM-P main server forwards NFM-P user activity logs; a main server in the role of standby does not forward logs to a syslog server. When the standby assumes the primary role after a main server activity switch or switchover, the new primary main server forwards the logs to the syslog server specified in the local main server configuration.

Note: The greatest fault tolerance in a redundant deployment is achieved if you specify a different syslog server in each main server configuration.