Vinay Kumar Reddy Karri

Configuring seaudit events to syslog

Blog Post created by Vinay Kumar Reddy Karri Employee on Oct 13, 2015

ControlMinder(PIM Endpoint Agent) can be configured so that the seaudit events(logs) will be moved to native filesystem logs such as syslog. This configuration enables one to configure a syslog server which will collect logs,including both native data and seaudit data from all the endpoints.

 

Here is how to do it:

 

1) Stop Access Control

>> secons -sk

 

2) Edit the /opt/CA/AccessControl/log/selogrd.cfg file and add the following

###

Rule#1

syslog LOG_INFO

.

###

 

3)Start Access Control

>> seload

 

4)start selogrd

>> /opt/CA/AccessControl/bin/selogrd

 

Now all the seaudit logs will be moved to syslog upon generation.

 

Different Log Levels that can be used in the rules:

 

LOG_EMERG //System is unusable.

LOG_ALERT //Action must be taken immediately.

LOG_CRIT //Critical conditions.

LOG_ERR //Error conditions.

LOG_WARNING //Warning conditions.

LOG_NOTICE //Normal but significant condition.

LOG_INFO //Informational.

LOG_DEBUG //Debug-level messages.



Thank You for reading!!

Outcomes