Breadcrumbs

Sending ASGARD Security Center Logs to Syslog Server

Last Update: 2026-02-11
Applies to version: all versions

Overview

This article guides you through sending Security Center Logs to your Syslog Server, as this feature is not yet available in the UI.

Optionally the communication between the ASC and the log server can be protected by certificates.

Prerequisites

  • An operational ASGARD Security Center.

  • A operational Syslog server as log target.

  • A certificate infrastructure (optional).

  • Root access to the Security Center and the Syslog Server.

Expected result

The Security Center sends logs to the Syslog Server.

Steps to proceed

A. Non protected transmission

  1. Install rsyslog on your Security Center:

sudo -s  
apt update && apt install rsyslog -y  
systemctl status rsyslog

  1. Create rsyslog config file:

vi /etc/rsyslog.d/50-forward-asc-log.conf

  1. For not TLS secured transmission, copy the following code. You can create your own format template or choose from prebuild, depending on the requirements of your log server:

module(load="imfile")

# For ASC server.logs  
input(type="imfile"  
  File="/var/log/asgard-security-center-backend/server.log"  
  Tag="nextron-asc-backend-log"  
  Severity="info"  
  Facility="local6")

if $programname == "nextron-asc-backend-log" then {  
  action(  
    type="omfwd"  
    Target="YOUR-LOG-TARGET"  
    Port="YOUR-LOG-TARGET-PORT"  
    Protocol="YOUR-LOG-TARGET-PROTOCOL" # udp or tcp  
    action.resumeRetryCount="100"  
    queue.type="linkedList"  
    queue.size="10000"  
    Template="RSYSLOG_ForwardFormat"  
  )  
}

  1. Restart Rsyslog:

systemctl restart rsyslog  
systemctl status rsyslog

B. TLS protected transmission

Please be aware, that the CA certificate of your log server is required.

  1. Install rsyslog and rsyslog Gnutls on your Security Center:

sudo -s  
apt update && apt install rsyslog rsyslog-gnutls -y  
systemctl status rsylog

  1. Create an rsyslog config file:

vi /etc/rsyslog.d/50-forward-asc-log-secure.conf

  1. Import your CA certificate into the CA storage of Debian:

mv /tmp/ca.cert /usr/local/share/ca-certificates  
update-ca-certificates

  1. For TLS secured transmission, copy the following code. There are different supported authentication modes to further increase safety:

module(load="imfile")

# For ASC server.logs  
input(type="imfile"  
  File="/var/log/asgard-security-center-backend/server.log"  
  Tag="nextron-asc-backend-log"  
  Severity="info"  
  Facility="local6")

if $programname == "nextron-asc-backend-log" then {  
  action(  
    type="omfwd"  
    Target="YOUR-LOG-TARGET-IP"  
    Port="YOUR-LOG-TARGET-TLS-PORT"  
    Protocol="tcp"  
    action.resumeRetryCount="100"  
    queue.type="linkedList"  
    queue.size="10000"  
    Template="RSYSLOG_ForwardFormat"  
    StreamDriver="gtls"  
    StreamDriverMode="1"  
    StreamDriverAuthMode="anon"  
    StreamDriver.CAFile="/etc/ssl/certs/ca-certificates.crt"  
  )  
}

  1. Restart rsyslog and check for errors:

systemctl restart rsyslog
systemctl status rsyslog

Related Content