Adding Audit Log Forwarding Criterion
You can add an audit log forwarding criterion for exporting audit logs to a system log server. To add a criterion, you need Super Administrator or System Administrator privileges.
To add an audit log forwarding criterion:
- On the Junos Space Network Management Platform user interface,
select Administration > Audit Log Forwarding.
The Audit Log Forwarding page appears displaying the list of configured audit log forwarding criteria.
- On the menu bar, click Create Audit Log Forwarding
Criterion (the plus icon).
The Add Audit Log Forwarding Criterion page appears.
- Enter the following details.
Name: Enter the name for the audit log forwarding criterion.
(Optional) Description: Enter a short description for the criterion.
Syslog Host Address: Enter the host address of the system log server. It must either be a fully qualified domain name (FQDN) or the IP address of the system log server.
Port Number: Enter the port number of the system log server. The default port number is 514.
Protocol: Select the protocol from the given list. You can select UDP, TCP, or TLS v1.2. The default protocol used is TCP.
(Optional) To enable filtering of the audit logs to be sent to the system log server, select the Include Filters check box. Selecting this check box enables you to filter out audit logs based on the different parameters displayed on the Audit Log page under the Audit Logs workspace.
If Include Filters is not selected, all the audit logs generated in Junos Space are forwarded to the configured system log server.
(Optional) To enable the criterion, select the Enable this forwarding criterion check box.
- Click Save to save the audit log forwarding
The new criterion is created and the Add Audit Log Forwarding Criterion dialog is displayed with the corresponding Job ID.
(Optional) On clicking the Job ID, you are redirected to the Jobs > Job Management page with a filtered view of the Job corresponding to addition of the new audit log forwarding criterion.