Hi guys, on our 7-mode heads we head the following Syslog config:
# Log messages of priority warning or higher to the console and all messages of info or higher to /etc/messages log file. # By default, informational messages are logged to the console which is annoying and intrusive when you are using the console for administrative purposes. *.warning /dev/console *.info /etc/messages
# Log all syslog messages and auditlog messages to a remote syslog server for historical analysis and audting. *.info;kern.* @10.1.1.1 cmdsaudit.auditlog @10.1.1.1
We also audited the use of read-only APIs. This worked really well and from our SIEM (collecting these syslogs) and we could basically see all API calls and all logosn as well as all message being logged. How can we setup same for C-mode clusters ?