Forward an audit log

Prerequisites

  • Privileges: Infrastructure administrator.

  • Ensure that any firewalls between HPE OneView and the remote syslog server allow UDP traffic. The default UDP port used is 514.

Procedure
  1. From the main menu, select Settings > Security.
  2. Click the Edit icon in the Security panel or select Actions > Edit.
  3. On the Edit Security screen, under Audit Log, enable Audit log forwarding.
    NOTE:

    Audit log forwarding is disabled by default.

  4. To add a destination system, click Add destination.
  5. In the Add Destination page, provide the following details:
    1. Fully Qualified Domain Name (FQDN) or IP address (IPv4 or IPv6) of the destination system.
    2. The port that the SIEM server is listening on. Default port: 514.
  6. Click Add. To add more destination systems, click Add+. You can configure a maximum of three forwarding destinations.
  7. Click OK.

    The configured forwarding destinations are displayed in the Actions > Audit Log pane.

  8. Click Send test log entry.
  9. Verify that the test entry is successfully forwarded to the destination SIEM server logs.

More information

Audit log forwarding