Documentation forAccess Rights Manager

Set Syslog servers

  1. Add a Syslog server.
  2. Determine Syslog server Name or IP address.
  3. Determine Syslog server port.

You can configure more than one Syslog server. Every event is sent to all servers.

 

  1. Select the categories from which the events should be forwarded to the syslog server. The tables below show which events belong to which categories.
  2. Specify the syslog facility.
  3. Delete a syslog server configuration. The currently selected, light blue highlighted selection is removed.

 

System health status events

Source Event Parameter
armServer

Started

hostname
armServer Shut down hostname
armServer RabbitMQ started hostname, port
armServer RabbitMQ lost hostname, port
armServer

Collector connected

hostname, collector
armServer Collector lost hostname, collector, reason
armServer Database connected hostname
armServer

Database disk space low (DataBaseDiskSpace)

hostname
armServer

Alert message queue warnings

hostname, message
armServer Disk space warning (ArchiveDiskSpace) hostname, message
armServer Logga state changed hostname, logga name, new state
armServer Sensor state changed hostname, sensor name, new state

 

Operational events

Source Event Parameter
armServer

Scan executed

hostname, scan name
armServer Scan failed hostname, scan name, reason
armServer License changed hostname, license information
armServer License scope changed hostname, changed scopes
armServer Mail server error SMTP server, reason
armServer Failed activities (see table below) same as on successful activities (see table below)

 

Activity events

Source Event Parameter
armServer

User/group created

FQDN, user/group name
armServer User/group deleted FQDN, user/group name
armServer group membership changed FQDN, change message
armServer password reset FQDN, user name, reset settings