You can configure a syslog server to receive the system alerts, the audit trail, and the events. The software forwards the logs to the syslog server every 8 minutes. The syslog server takes a maximum of 16 minutes to send data to Syslog or Webhook, depending on the time at which the data was generated.
Before You Begin
In a CommCell environment, you can connect to a syslog server over either UDP (User Datagram Protocol) or a connection encrypted with TLS (Transport Layer Security). The CommCell environment supports TLS 1.2.
To enable secure messaging between the CommServe server and the syslog server, obtain the certificate authority file that is used to sign the syslog server certificate. The certificate authority file must be in .pem format. Also, configure the syslog server to accept encrypted messages from the CommServe server. Use only the Root Certificate Authority file and the syslog server certificate signed by it. Do not use the intermediate Certificate Authority file or the syslog server certificate signed by the Certificate Authority.
Verify that the CommServe server can connect to the host or the IP address and port number of the syslog server that you plan to configure.
You can use any syslog server. The following syslog servers are tested and certified by Commvault:
ArcSight Syslog Server
Kiwi Syslog Server
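The following pre-check for the TLS prerequisites above is an added example, not Commvault code. It confirms that the .pem file contains only self-issued (root) CA certificates and that the syslog listener completes a TLS 1.2 handshake that validates against that file. The function names and the script name are hypothetical, and the hostname check it performs is an assumption that may be stricter than the product's own validation.

```python
import socket
import ssl
import sys


def is_self_issued(cert: dict) -> bool:
    """True when subject and issuer names match, as on a root CA.
    Name comparison only; the signature is not verified here."""
    return bool(cert.get("subject")) and cert.get("subject") == cert.get("issuer")


def common_name(cert: dict) -> str:
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"


def build_context(cafile=None) -> ssl.SSLContext:
    """Client context limited to TLS 1.2 that trusts only the given .pem file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def non_root_cas(ctx: ssl.SSLContext) -> list:
    """Common names of loaded CA certificates that are not self-issued."""
    return [common_name(c) for c in ctx.get_ca_certs() if not is_self_issued(c)]


def check_syslog_tls(host: str, port: int, cafile: str, timeout: float = 10.0) -> str:
    """Handshake with the syslog listener; return the negotiated TLS version."""
    ctx = build_context(cafile)
    extra = non_root_cas(ctx)
    if extra:
        raise ValueError(f"CA file holds non-root CA certificates: {extra}")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_syslog_tls.py HOST PORT ROOT_CA.pem")
    print(check_syslog_tls(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Run it from the CommServe server so that the result reflects that host's network path. An `ssl.SSLCertVerificationError` means the server certificate does not chain to the supplied root file.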
From the navigation pane, go to Manage > System.
The System page appears.
Click the Syslog server tile.
The Syslog server page appears.
In the Hostname box, type the hostname or IP address of the syslog server.
In the Port box, type the server port.
To enable secure messaging between the CommServe server and the syslog server, move the Enable secure messaging toggle key to the right.
If you enabled secure messaging, upload the certificate authority file in Certificate Authority.
For Forward to Syslog, select the log types that you want to forward to the syslog server.