Configure an Endpoint to Send seaudit Logs to syslog

This article explains the procedure to configure  endpoint to send seos audit logs to syslog. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect endpoint seos audit logs along with syslogs.
capamsc141
This article explains the procedure to configure
PAM Server Control
 endpoint to send
seos
audit logs to
syslog
. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect endpoint
seos
audit logs along with syslogs.
Follow these steps:
  1. Stop
    PAM Server Control
     endpoint agent.
    <INSTALL_DIRECTORY>/PAMSC/bin/secons -sk
    <INSTALL_DIRECTORY> is the directory where
    PAM Server Control
     endpoint agent is installed.
  2. Open <INSTALL_DIRECTORY>/PAMSC/log/selogrd.cfg for editing (if not exist, create the file). Add the following rule to the file:
    Rule#1 
    syslog LOG_INFO 
    .
    Note:
    '.' at the end of the rule is mandatory.
  3. Save the file.
  4. Restart
    PAM Server Control
     endpoint agent.
    <INSTALL_DIRECTORY>/PAMSC/bin/seload
  5. Restart
    selogrd
    daemon.
    <INSTALL_DIRECTORY>/PAMSC/bin/selogrd
  6. Restart
    syslogd
    on the server.
Now, you can view the
seos
audit logs in the messages file (/var/log/messages).