• Object ID: 00000018WIA300CF450GYZ
  • Topic ID: id_2024254 Version: 2.2
  • Date: Jun 3, 2020 9:08:15 AM

Enabling remote logging of the audit messages

Enable remote logging of the audit messages.

Procedure

  1. Start the EAT config utility using the firefox localhost:9877/eatAdmin/EATConfig.html command.
  2. Assign a source ID for the scanner on the Audit Message Settings tab.
  3. Click Save.
  4. Click Enterprise Repository to switch to that tab.
  5. Toggle the Enterprise Repository 1 radio button to On.
  6. Fill in the remote (collector) Host Name/IP. Contact site IT for IP address.
  7. Fill in the remote (collector) Port Number.
  8. If a port other than 514 is used for remote syslog, a corresponding modification to the firewall rule configuration is required. The firewall is configured by default to allow only certain outbound destination ports.

    The file to modify is /usr/share/gehc_security/pnf/modality.sh. It contains instructions and standard iptables commands. Specific to syslog, modify the following lines in that file.

    # Below for remote syslog
$IPTABLES -A OUTPUT -p udp -m udp --dport 514 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 514 -j ACCEPT
  9. Select the protocol for the remote (collector) server communications.
    • TCP-BSD
    • TCP-IETF
    • UDP-BSD
    • UDP-IETF
    • TLS-BSD
    • TLS-IETF
    Note: TLS selection is only available on software version 29 and later and requires that the third party trust certificate from the facility EAT collector server has been imported into the MR system and has been configured for EAT application using the Certificate Management interface, see Importing third-party certificates - public keys.
  10. Click Save.