Download page Remote Security Logging for IGEL UMS and ICG.
Remote Security Logging for IGEL UMS and ICG
This article describes the remote security logging feature for the IGEL Universal Management Suite (UMS) Console and for IGEL Cloud Gateway (ICG). The remote security logging feature logs security relevant events of the UMS Console and ICG in a separate log file. The file can be picked up by a configured log collector/SIEM.
Remote security logging is independent from the normal logging and is disabled by default.
Enable Remote Security Logging
To enable the feature for the IGEL UMS:
Open the logback configuration file.
On Windows: C:\Program Files\IGEL\RemoteManager\rmguiserver\conf\logback.xml
On Linux: /opt/IGEL/RemoteManager/rmguiserver/conf/logback.xml
Find the property: security.level
Edit the value as follows: <property name="security.level" value="ALL" />
To enable the feature for ICG:
Open the logback configuration file: /opt/IGEL/icg/usg/conf/logback-spring.xml
Find the property: security.level
Edit the value as follows:<logger name="security.logging" additivity="false" level="ALL" />
The user interface option to enable/disable the feature will be available in a future release.
Logged Events
The following UMS events are logged for remote security logging:
UMS user login and logoff
UMS user successful and failed logons
UMS user password change
All direct and indirect assignment changes to devices ("privileged policy changes")
All config changes to devices
Shut down of UMS or ICG services/processes
UMS Administrator user account creation/deletion
UMS Administrator user password change
The following ICG service events are logged for remote security logging:
User creation and deletion
Successful and failed authenticatio
File uploads
Where Is the Log File Stored?
You can find the log file created by remote security logging:
On Windows: C:\Program Files\IGEL\RemoteManager\rmguiserver\logs\ums-server\ums-server-security.log
On Linux: /opt/IGEL/RemoteManager/rmguiserver/logs/ums-server/ums-server-security.log