On the Logging screen it is possible to configure a remote syslog server, to which all Audit Log entries will be sent. The following can be set:
Log access attempts to non-existent packages
If enabled, then any attempt to access a non-existent package (URL with non-existent package UUID) results in creation of an audit log with this information. Enabling this option can cause excessive logging in case of a DOS attack.
(default: disabled)
Log User-Agent header
If enabled, then all audit log records triggered by web requests will include content of User-Agent HTTP header.
(default: disabled)
Syslog
Syslog server address
Address of the syslog server, to which to send the audit log records. The address format is:
...
The format of sent messages conforms to the RFC 3164, content of the message is in JSON.
The list of all existing audit log types is available here.
The screen looks like this:
...
(default: unset)
The language of syslog records
The language of the log records sent to the configured syslog server.
(default: en)
Retention of audit logs
Automatically delete old audit logs
If this feature is enabled, audit logs will be deleted after the specified number of days.
(default: enabled)
Delete audit logs older than
Specifies the number of days for which audit logs will be retained. After this time they will be automatically deleted.
(default: 1100)