Have a random Question as the team will be limited on accessing the VA and had an idea to run by the group.
Do you think we could mount a network storage folder and then change the logs to point and dump to this than on the VA itself.
The thought is then when logs are needed the user can just got to the mapped drive if they have access once they have enabled the logging on the VA to get the logs and never log into the VA
Hi @VBsupport
I haven’t tested it but I don’t know if you would be able to mount a network storage folder/drive to the VA and also unlikely that you would be able to change the logs to print to a new location.
Assuming this is the case, you could potentially explore other options like copying the log file periodically from the VA to a network location
One way to achieve this is to use scp in combination with cron to transfer log files securely over SSH. you could write a script to execute the transfer and use cron to schedule it as often as you need.
Hope that helps or maybe sparks some other ideas 
Yes, the second part is my other option but was trying to add more tools so thought this would be a simpler route. As for changing the log direction i would think so as it is controlled by the log4J files and like IIQ days i should be able to redirect by changing the path. This is all a theory though the easiest would use a SIEM tool which isn’t in scope right now
It would be simply and is worth a try, the reason I think this wouldn’t be possible is its likely restricted from changing the log4j paths on the virtual appliance.
Per my current knowledge and previous working experience in prod support and managing a lot of P1 issues. I have tried to attempt the network storage to be linked to the VA in lower environments of IDN tenant but it is not possible. As the primary activity of VA is to be an independent entity which solely caters to perform the IGA functionalities. We do have some leniency with setting logging levels and capture the logs but we have to do this by stopping the ccg.service and setting these logging levels and restarting the services. So automating the log movement would be a hassle.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.