Audit Settings
Retention settings
The Audit history retention field allows you to configure a retention period for general audit and file audit events (10-1100 days). Any events older than the specified period of time will be automatically removed.
Syslog integration settings
Enabling this integration will instruct Managed File Transfer to transmit any audit event to the configured Syslog server.
Please be aware that the current support is limited to the UDP protocol; therefore, Managed File Transfer cannot validate the connection to the Syslog server. However, a test message will be sent upon successful configuration.
Enabling syslog integration offers the capability to establish multiple syslog servers. Consequently, the audit logs will be replicated and transmitted to each designated server. Please note that the port or address of each server must be unique.
The following settings are available for configuration:
| Setting | Description | Default value |
|---|---|---|
| Facility | The type associated with Managed File Transfer events | User Level Messages |
| Log level | Determines which messages sent to the Syslog server, it filters out any message less important than the one selected | Information |
| Server address | The address of the server where the Syslog is located | 0.0.0.0 |
| Server port | The open port on the Syslog server for accepting messages | 514 |
| Language | The language to use for logging messages | English |
| Timezone | Timezone recorded at the sending log time | (UTC) Coordinated Universal Time |
| Output format | The supported message formats, include: Standard and Common Event Format (CEF) | Standard |
CEF Message Format
Base Format: Date Host CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension] Example: 2020-01-16T08:45:47Z LE10-L3174 CEF:0|OPSWAT|MetaDefender MFT|1.0.0.0|1|Logon|6|requestClientApplication=127.0.0.1 deviceAction=Logon outcome=Success msg=Username logged on.