Configure secure syslog settings for Log Analyzer
By default, Log Analyzer will accept secure syslog messages sent to port 6514 provided a secure connection has been established. Log Analyzer will also forward secure syslogs when a log forwarding custom rule action is set to TCP over TLS on port 6514. However, no modification options are possible due to certificate-related limitations in the SolarWinds Platform server.
- TCP forwarding (with the TCP port) supports both plain TCP and TCP over TLS.
- The TCP connection prevents IP spoofing.
If you have devices configured to transmit and forward secure syslog messages, contact SolarWinds Customer Support to ensure the syslog configuration settings are correct to avoid log processing errors. If necessary, SolarWinds can adjust the default values to accommodate a variety of scenarios.
Log Analyzer uses a non-CCPP-compliant transmission method (sending and receiving) for secure syslogs. Many checks and errors, including name mismatches, server certificate revocation, certificate chain errors, and missing certificates, are ignored. Log Analyzer includes the SolarWinds-SolarWinds Platform certificate for the server by default, which can only be changed by SolarWinds Customer Support.
Using a custom certificate for syslog service
The following steps allow you to use a custom certificate for the syslog service:
- Import the certificate into the computer certificate store, found in Personal > Certificates. This can be verified in Manage computer certificates. If your certificate is stored elsewhere, you can copy it to this location.
- Open the certificate. Under the General tab, verify that there is a private key corresponding to the certificate.
- With the certificate open, obtain the certificate name from Details > Subject. The certificate name is the string following CN=.
- Update the TlsServerCertificateName in the centralized settings with the certificate name.
- Restart SolarWinds Log Manager for Orion Syslog Service if it did not restart automatically.
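
The checks in the steps above can be scripted before the setting is changed. The following PowerShell is an added example, not SolarWinds code: it confirms the certificate is in the computer's Personal store with a private key, and also checks validity dates and the certificate chain, since the service itself ignores those errors. The CN `syslog.example.internal` is a placeholder, and using the service name from the last step as the Windows service display name is an assumption.

```powershell
# Added example, not SolarWinds code. $CertName is a placeholder CN.
param(
    [string]$CertName = 'syslog.example.internal',
    [switch]$RestartService
)

# "Personal > Certificates" in Manage computer certificates is Cert:\LocalMachine\My.
# GetNameInfo(SimpleName) returns the CN of the subject when one is present.
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo($simpleName, $false) -eq $CertName })

if ($candidates.Count -eq 0) {
    throw "No certificate with CN '$CertName' in Cert:\LocalMachine\My."
}
if ($candidates.Count -gt 1) {
    Write-Warning "$($candidates.Count) certificates share CN '$CertName'; remove stale ones first."
}

$now = Get-Date
$results = foreach ($cert in $candidates) {
    # The service ignores chain and revocation errors, so check them here instead.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainOk       = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
$results | Format-List

$usable = @($results | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ChainOk })
if ($usable.Count -ne 1) {
    throw "Expected exactly one usable certificate for '$CertName', found $($usable.Count)."
}

# Pass -RestartService only after the certificate-name setting has been updated.
# Assumption: the service's display name matches the name given in the steps above.
if ($RestartService) {
    Restart-Service -DisplayName 'SolarWinds Log Manager for Orion Syslog Service'
}
```

Run it from an elevated PowerShell session on the Log Analyzer server; a non-empty ChainStatus names the chain or revocation problem to fix before the certificate is put into service.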