The Analytics Dashboard receives events from Access Manager components and uses them to generate reports. By default, these events are transferred over an unencrypted channel, because the ELK stack we use has no built-in mechanism for this. This solution provides a way to secure the communication channel.
1. The steps to generate the certificate for TLS and the basic configuration are the same as documented here - Auditing using TLS over TCP
2. In the Admin Console UI, configure with <Analytics Server IP> and <port>, e.g. 5822. Update the server.
Analytics Server configuration:
Open the /etc/rsyslog.conf file and add the following entries at the end of the file.
$template ForwardFormat,"<%PRI%>%TIMESTAMP:::date-rfc3164% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"
# Optional, for testing purposes.
local0.* -/var/log/vneeraj_log;ForwardFormat
# The port must match the Admin Console port.
$InputTCPServerRun 5822
# "InputTCPServerStreamDriverPermittedPeer" is the name of the client (IDP/AG) and must match it.
# Analytics Server IP and Logstash port.
local0.* @@188.8.131.52:1468;ForwardFormat
# Local file to check the audit events; not recommended for production.
local0.* -/var/log/vneeraj_log;ForwardFormat
In "/etc/rsyslog.d/nam.conf", ensure that you have configured the certificate as described in the NetIQ Access Manager document (above) and that the port is the one set in the Admin Console (5822 in this case).
Note: Ensure the CA certificates are part of the /etc/ssl/certs directory.
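One way to check the resulting configuration before looking at traffic, as an added example that is not part of the original article or of NetIQ's tooling: a small linter that reads the combined text of /etc/rsyslog.conf and /etc/rsyslog.d/nam.conf and reports listener settings that would leave port 5822 unencrypted or unauthenticated. It assumes the referenced TLS documentation uses rsyslog's standard legacy directives ($DefaultNetstreamDriver, $InputTCPServerStreamDriverMode, $InputTCPServerStreamDriverAuthMode and the CA/cert/key file settings); the certificate paths and peer name in the sample are constructed placeholders.

```python
import re
# Legacy-format rsyslog directive: "$Name value"
DIRECTIVE = re.compile(r"^\$(\w+)\s+(\S+)")
REQUIRED_FILES = ("DefaultNetstreamDriverCAFile", "DefaultNetstreamDriverCertFile",
                  "DefaultNetstreamDriverKeyFile")

def parse_directives(conf_text):
    """Map lower-cased directive name -> last value, ignoring '#' comments."""
    found = {}
    for raw in conf_text.splitlines():
        m = DIRECTIVE.match(raw.split("#", 1)[0].strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def audit_tls_listener(conf_text, expected_port):
    """Return a list of findings; an empty list means no problem was detected."""
    d = parse_directives(conf_text)
    findings = []
    if d.get("inputtcpserverrun") != str(expected_port):
        findings.append("listener port does not match the Admin Console port")
    if d.get("defaultnetstreamdriver") != "gtls":
        findings.append("DefaultNetstreamDriver is not gtls")
    if d.get("inputtcpserverstreamdrivermode") != "1":
        findings.append("InputTCPServerStreamDriverMode is not 1 (TLS-only)")
    auth = d.get("inputtcpserverstreamdriverauthmode")
    if auth in (None, "anon"):
        findings.append("peer authentication mode is missing or anon")
    if auth == "x509/name" and "inputtcpserverstreamdriverpermittedpeer" not in d:
        findings.append("x509/name without InputTCPServerStreamDriverPermittedPeer")
    for name in REQUIRED_FILES:
        if name.lower() not in d:
            findings.append(name + " is not set")
    return findings

# Constructed sample: paths and peer name are placeholders, not values from the article.
SAMPLE_TLS = """
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/example-ca.pem
$DefaultNetstreamDriverCertFile /etc/ssl/certs/example-server.pem
$DefaultNetstreamDriverKeyFile /etc/ssl/private/example-server.key
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer idp.example.com
$InputTCPServerRun 5822   # must match the Admin Console port
"""
SAMPLE_PLAIN = "$InputTCPServerRun 5822\n"   # listener with no TLS settings
if __name__ == "__main__":
    print(audit_tls_listener(SAMPLE_TLS, 5822), audit_tls_listener(SAMPLE_PLAIN, 5822))
```

To lint a real host, pass the concatenated contents of both configuration files as `conf_text`.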
On the Analytics Dashboard, validate the audit log with Wireshark. Capture a trace and confirm that the events are encrypted from the client to the Analytics Dashboard server.