ControlMinder (PIM Endpoint Agent) can be configured so that seaudit events (logs) are moved to native filesystem logs such as syslog. With this configuration you can set up a syslog server that collects logs, including both native data and seaudit data, from all the endpoints.
Here is how to do it:
1) Stop Access Control
>> secons -sk
2) Edit the /opt/CA/AccessControl/log/selogrd.cfg file and add the following
3) Start Access Control
Now all the seaudit logs will be moved to syslog upon generation.
The following log levels can be used in the rules:
LOG_EMERG //System is unusable.
LOG_ALERT //Action must be taken immediately.
LOG_CRIT //Critical conditions.
LOG_ERR //Error conditions.
LOG_WARNING //Warning conditions.
LOG_NOTICE //Normal but significant condition.
LOG_DEBUG //Debug-level messages.
Thank You for reading!!