Sending syslog via TCP
Some messages can be delivered by SecureTrack using syslog. Looking at the WebUI, only a syslog server can be selected. At first glance, it looks as if SecureTrack supports syslog via UDP and the default port only. In the example below, the syslog server has the IP address 10.0.0.100.
Other places in the WebUI, e.g. "Policy Change Notifications", "SecureTrack Administrative Alerts", and "SecureTrack Audit Trail", only have buttons to "send by syslog".
Many companies do not allow syslog via 514/UDP in their networks; at the very least, TCP has to be used. To configure this, open the URL
https://<IP_SecureTrack>/stcgitest.htm
In the menu select "Edit StConf".
If you follow the link, a short menu opens. Press the button "Fetch Current Conf".
The SecureTrack configuration is then shown as XML. Find the <syslog> section:
<syslog>
<syslog_server>127.0.0.1</syslog_server>
<port>514</port>
<protocol>udp</protocol>
<policy_syslog>0</policy_syslog>
<admin_alerts_syslog>0</admin_alerts_syslog>
<audit_trail_syslog>1</audit_trail_syslog>
<original_syslog_format>1</original_syslog_format>
</syslog>
Here you can change the IP address of the server, the protocol, and the port. To do so, fill in the required entries. For example, to send syslog to 10.0.0.100 using 9000/TCP:
Please be aware that currently this configuration is not active for policy notifications!
<syslog>
<syslog_server>10.0.0.100</syslog_server>
<port>9000</port>
<protocol>tcp</protocol>
<policy_syslog>0</policy_syslog>
<admin_alerts_syslog>0</admin_alerts_syslog>
<audit_trail_syslog>1</audit_trail_syslog>
<original_syslog_format>1</original_syslog_format>
</syslog>
You can also turn on the options shown in the top screenshot by changing the "0" to "1". It is not necessary to make that change here, because it can be configured via the WebUI as well.
To save changes, press the button "Submit New Conf". This button shows up at the bottom of the right page.
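Before pressing "Submit New Conf", the edited <syslog> section can be sanity-checked offline. The script below is an added example, not part of SecureTrack or of the original page; the function name check_syslog_section and the checks themselves are assumptions (the server is an IP address, the protocol is one of the two values shown above, and the four flags are 0 or 1).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the edited <syslog> section from the text above.
SAMPLE = """<syslog>
<syslog_server>10.0.0.100</syslog_server>
<port>9000</port>
<protocol>tcp</protocol>
<policy_syslog>0</policy_syslog>
<admin_alerts_syslog>0</admin_alerts_syslog>
<audit_trail_syslog>1</audit_trail_syslog>
<original_syslog_format>1</original_syslog_format>
</syslog>"""

FLAGS = ("policy_syslog", "admin_alerts_syslog", "audit_trail_syslog",
         "original_syslog_format")

def check_syslog_section(xml_text, require_tcp=True):
    """Return a list of findings for a <syslog> section (empty list = OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "syslog":
        return [f"expected <syslog> root, got <{root.tag}>"]
    get = lambda tag: (root.findtext(tag) or "").strip()
    findings = []
    try:
        ipaddress.ip_address(get("syslog_server"))
    except ValueError:
        findings.append(f"syslog_server is not an IP address: {get('syslog_server')!r}")
    port = get("port")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"port out of range: {port!r}")
    proto = get("protocol")
    # Assumption: only the two values seen on this page are accepted.
    if proto not in ("udp", "tcp"):
        findings.append(f"unknown protocol: {proto!r}")
    elif require_tcp and proto != "tcp":
        findings.append("protocol is udp but site policy requires tcp")
    for flag in FLAGS:
        if get(flag) not in ("0", "1"):
            findings.append(f"{flag} must be 0 or 1, got {get(flag)!r}")
    # Per the note above, policy notifications do not use this section yet.
    if get("policy_syslog") == "1":
        findings.append("policy_syslog=1: this section is not active for policy notifications")
    return findings
```

Call check_syslog_section() on the text copied out of "Edit StConf"; pass require_tcp=False if UDP is acceptable in your network.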