Configuring remote logging

Last Updated : Jun 10, 2026 |

About this task

You can configure Avaya Aura® Device Services to copy OS audit log onto a remote logging server. When remote logging is enabled, Avaya Aura® Device Services writes OS audit log file onto both the local and remote servers at the same time.

To maximize data privacy and security, you can use Kerberos to transfer logs to a remote logging server over a secure connection. For authentication, Kerberos uses a keytab file, which contains pairs of Kerberos principals and encrypted keys. Kerberos Distribution Center (KDC) generates the keytab file.

Before you begin

  • Set up a remote logging server. The exact configuration process depends on the server that you use to store log files. You can use a Linux or Unix server.

  • For a secure connection between Avaya Aura® Device Services and your remote logging server, configure the KDC on the remote logging server. The exact configuration process depends on the server that you use to store log files.

  • If you want to use Kerberos authentication, obtain the keytab file from the KDC and upload it to Avaya Aura® Device Services using any file transfer program. You can upload the keytab file to the /home directory.

Procedure

  1. Log in to the Avaya Aura® Device Services CLI as an administrator.
  2. Run the following command: 
    sys secconfig --stig --remote_audit
  3. When you see the Remote logging active? prompt, type yes.
  4. When you see the Remote server FQDN? prompt, type the FQDN of the remote storage server.

    You must enter the FQDN. IP addresses are not supported.

  5. When you see the Remote logging port? prompt, type 60.

    This is the default logging port value.

  6. When you see the Remote logging enable krb5? prompt, type of the following:

    • yes, if you want to use Kerberos to encrypt log files that Avaya Aura® Device Services off-loads to the remote server.

    • no, if you want to use an unencrypted connection to send log files to the remote server.

  7. When you see the Remote logging krb5_key_file? prompt, do one of the following:

    • If Avaya Aura® Device Services displays the existing keytab file, press Enter.

    • If Avaya Aura® Device Services does not display an existing keytab file, provide the full path to the keytab file that you uploaded on Avaya Aura® Device Services and then press Enter.

      The following is an example of the keytab file location: /home/krb5.keytab.

    Avaya Aura® Device Services checks the keytab file and copies it to the /etc directory.