Securely Stream Audit Logs

If you stream the audit log to a trusted HTTP server or syslog server, you can use Transport Layer Security (TLS) certificates to secure the channel between the CDO and the server. You must generate a unique client certificate for each appliance you want to audit.

Procedure


Step 1

Obtain and install a signed client certificate on the CDO:

  1. Obtain a Signed Audit Log Client Certificate for the CDO:

    Generate a Certificate Signing Request (CSR) from the CDO based on your system information and the identification information you supply.

    Submit the CSR to a recognized, trusted certificate authority (CA) to request a signed client certificate.

    If you require mutual authentication between the CDO and the audit log server, the client certificate must be signed by the same CA that signed the server certificate used for the connection.

  2. After you receive the signed certificate from the certificate authority, import it into the CDO. See Import an Audit Log Client Certificate into the CDO.

Step 2

Configure the communication channel with the server to use Transport Layer Security (TLS) and enable mutual authentication.

Step 3

Configure audit log streaming if you have not yet done so.
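
Before enabling mutual authentication in Step 2, you can confirm the same-CA requirement from Step 1 on an administrative workstation. The following is an added example, not vendor code: it uses the openssl command line on exported PEM copies of the certificates, and every file and CA name in it is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. File and CA names are constructed placeholders.

# Succeeds only when BOTH certificates verify against the same CA certificate.
same_ca() {  # same_ca <ca.pem> <client.pem> <server.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
}

# Throwaway self-signed CA (constructed test data).
make_ca() {  # make_ca <dir> <ca-name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# CSR for <leaf-name>, then a certificate for it signed by <ca-name>.
make_leaf() {  # make_leaf <dir> <ca-name> <leaf-name>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# Demo: a matching pair passes, a server certificate from another CA is rejected.
demo() {
    local d; d=$(mktemp -d) || return 1
    make_ca "$d" ca-a && make_ca "$d" ca-b &&
    make_leaf "$d" ca-a audit-client &&
    make_leaf "$d" ca-a syslog-server &&
    make_leaf "$d" ca-b other-server || { rm -rf "$d"; return 1; }
    local rc=0
    same_ca "$d/ca-a.pem" "$d/audit-client.pem" "$d/syslog-server.pem" || rc=1
    same_ca "$d/ca-a.pem" "$d/audit-client.pem" "$d/other-server.pem" && rc=1
    rm -rf "$d"
    return $rc
}

if demo; then echo "same-CA check behaves as expected"; else echo "check failed" >&2; fi
```

With real files, call `same_ca` with the CA certificate, the signed client certificate and the audit log server's certificate. If the CA issues through intermediates, supply them to `openssl verify` with `-untrusted`.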