Configure an Endpoint to Send seaudit Logs to syslog
This article explains the procedure to configure endpoint to send seos audit logs to syslog. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect endpoint seos audit logs along with syslogs.
capamsc141
This article explains the procedure to configure
PAM Server Control
endpoint to send seos
audit logs to syslog
. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect endpoint seos
audit logs along with syslogs.Follow these steps:
- StopPAM Server Controlendpoint agent.<INSTALL_DIRECTORY>/PAMSC/bin/secons -sk<INSTALL_DIRECTORY> is the directory wherePAM Server Controlendpoint agent is installed.
- Open <INSTALL_DIRECTORY>/PAMSC/log/selogrd.cfg for editing (if not exist, create the file). Add the following rule to the file:Rule#1 syslog LOG_INFO .Note:'.' at the end of the rule is mandatory.
- Save the file.
- RestartPAM Server Controlendpoint agent.<INSTALL_DIRECTORY>/PAMSC/bin/seload
- Restartselogrddaemon.<INSTALL_DIRECTORY>/PAMSC/bin/selogrd
- Restartsyslogdon the server.
Now, you can view the
seos
audit logs in the messages file (/var/log/messages).