All People > Vinay Kumar Reddy Karri > Vinay's Blog > 2015 > October > 13

ControlMinder (PIM Endpoint Agent) can be configured so that seaudit events (logs) are moved to native filesystem logs such as syslog. With this in place, a syslog server can be set up to collect logs, including both native data and seaudit data, from all the endpoints.

 

Here is how to do it:

 

1) Stop Access Control

>> secons -sk

 

2) Edit the /opt/CA/AccessControl/log/selogrd.cfg file and add the following:

###

Rule#1

syslog LOG_INFO

.

###

 

3) Start Access Control

>> seload

 

4) Start selogrd

>> /opt/CA/AccessControl/bin/selogrd

 

Now all the seaudit logs will be moved to syslog upon generation.

 

Different Log Levels that can be used in the rules:

 

LOG_EMERG //System is unusable.

LOG_ALERT //Action must be taken immediately.

LOG_CRIT //Critical conditions.

LOG_ERR //Error conditions.

LOG_WARNING //Warning conditions.

LOG_NOTICE //Normal but significant condition.

LOG_INFO //Informational.

LOG_DEBUG //Debug-level messages.
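
The four steps above as one script, added here as an example (it is not part of the original post or of the product). It rejects any level outside the eight listed above and does not add a second syslog section if one already exists. The function names, the .bak backup and the --apply switch are assumptions of this example; the paths, commands and the three-line section are the ones shown on this page.

```shell
#!/bin/sh
# Added example: idempotently add the page's syslog section to selogrd.cfg.
# Function names, the .bak backup and --apply are assumptions of this example.

CFG_DEFAULT=/opt/CA/AccessControl/log/selogrd.cfg
LEVELS="LOG_EMERG LOG_ALERT LOG_CRIT LOG_ERR LOG_WARNING LOG_NOTICE LOG_INFO LOG_DEBUG"

# valid_level LEVEL -> 0 if LEVEL is one of the eight levels listed on the page
valid_level() {
    for l in $LEVELS; do
        [ "$l" = "$1" ] && return 0
    done
    return 1
}

# has_syslog_rule FILE -> 0 if FILE already contains a "syslog LOG_*" line
has_syslog_rule() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*syslog[[:space:]]+LOG_[A-Z]+[[:space:]]*$' "$1"
}

# add_syslog_rule FILE LEVEL
# returns 0 = section appended, 1 = bad level, 2 = already present (file untouched)
add_syslog_rule() {
    file=$1 level=$2
    valid_level "$level" || return 1
    has_syslog_rule "$file" && return 2
    [ -f "$file" ] && cp -p "$file" "$file.bak"   # keep the previous config
    # Section copied from the page: "Rule#1", the syslog line, then a lone "."
    printf 'Rule#1\nsyslog %s\n.\n' "$level" >> "$file"
}

# apply LEVEL: the page's four steps, in order. Run as root on an endpoint.
apply() {
    valid_level "$1" || { echo "unknown level: $1" >&2; return 1; }
    secons -sk                                    # 1) stop Access Control
    rc=0
    add_syslog_rule "$CFG_DEFAULT" "$1" || rc=$?  # 2) edit selogrd.cfg
    [ "$rc" -eq 2 ] && echo "syslog section already present" >&2
    seload                                        # 3) start Access Control
    /opt/CA/AccessControl/bin/selogrd             # 4) start selogrd
}

# Only touch the system when asked to: ./script.sh --apply LOG_INFO
if [ "${1:-}" = "--apply" ]; then
    apply "${2:-LOG_INFO}"
fi
```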



Thank You for reading!!