Configure an Endpoint to Send seaudit Logs to syslog
This article explains how to configure a Privileged Access Manager endpoint to send seos audit logs to syslog. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect the endpoint's seos audit logs along with syslogs.
Follow these steps:
- Stop the Privileged Access Manager endpoint agent.
  <INSTALL_DIRECTORY>/PAMSC/bin/secons -sk
  <INSTALL_DIRECTORY> is the directory where the Privileged Access Manager endpoint agent is installed.
- Open <INSTALL_DIRECTORY>/PAMSC/log/selogrd.cfg for editing (if the file does not exist, create it). Add the following rule to the file:
  Rule#1 syslog LOG_INFO .
  Note: The '.' at the end of the rule is mandatory.
- Save the file.
- Restart the Privileged Access Manager endpoint agent.
  <INSTALL_DIRECTORY>/PAMSC/bin/seload
- Restart the selogrd daemon.
  <INSTALL_DIRECTORY>/PAMSC/bin/selogrd
- Restart syslogd on the server.
Now, you can view the seos audit logs in the messages file (/var/log/messages).
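
The steps above as a repeatable script, so the rule is added once and an existing selogrd.cfg is backed up before it changes. This is an added example, not vendor-supplied code: the function names ensure_syslog_rule and configure_endpoint are hypothetical, and the rule text is written exactly as it is printed on this page.

```shell
#!/bin/sh
# Added example (not vendor code). Rule text copied as printed on this page.
RULE='Rule#1 syslog LOG_INFO .'

# ensure_syslog_rule CFG_PATH
# Creates the file if it is missing, appends RULE only when it is absent,
# and keeps a .bak copy of the file before modifying it.
# Returns 0 when the rule is present afterwards, 1 on error.
ensure_syslog_rule() {
    cfg=$1
    [ -n "$cfg" ] || { echo "usage: ensure_syslog_rule CFG_PATH" >&2; return 1; }
    dir=$(dirname "$cfg")
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }

    if [ ! -e "$cfg" ]; then
        : > "$cfg" || return 1       # step 2: create the file if it does not exist
    fi

    # -x matches the whole line, -F treats '.' and '#' as literal characters.
    if grep -qxF "$RULE" "$cfg"; then
        return 0                     # already configured, nothing to change
    fi

    cp -p "$cfg" "$cfg.bak" || return 1
    # If the last line has no trailing newline, add one so the rule
    # does not get glued onto an existing entry.
    if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then
        printf '\n' >> "$cfg"
    fi
    printf '%s\n' "$RULE" >> "$cfg" || return 1
    grep -qxF "$RULE" "$cfg"         # confirm the rule, with its final '.', is in place
}

# configure_endpoint INSTALL_DIRECTORY
# Runs the page's steps in order and stops at the first failure.
configure_endpoint() {
    base=$1/PAMSC
    "$base/bin/secons" -sk || return 1
    ensure_syslog_rule "$base/log/selogrd.cfg" || return 1
    "$base/bin/seload" || return 1
    "$base/bin/selogrd" || return 1
    # The page gives no command for this step; it depends on the host.
    echo "Now restart syslogd on the server."
}
```

Run configure_endpoint as a user permitted to stop and start the agent, passing the installation directory as the only argument.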